General Info

File name

easytether.exe

Full analysis
https://app.any.run/tasks/cedd6073-2ba2-42ec-a8d2-98012dc834e8
Verdict
Malicious activity
Analysis date
5/15/2019, 09:44:38
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

148891321baacf74d256d8020b7a78e5

SHA1

06b1aca2036cee473b71801957e2713f35e595a4

SHA256

8d9c740b013685e29d8f61e79d97790f5c7cddd9dd2ef4c53f0fe76d310e58bf

SSDEEP

98304:GfUbaFTldrQrV3sNPGlxuqcBNC3Wg2aDcezBSK778Srn9vtsh5BdYOZl+ZtmOdNe:GfU+FlOtKCWCms7778Srn9vtshH/ZkZ8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • easytthr.exe (PID: 3152)
  • easytether-bundle.exe (PID: 2388)
  • easytether.exe (PID: 292)
Changes the autorun value in the registry
  • easytether-bundle.exe (PID: 2388)
Loads dropped or rewritten executable
  • easytether.exe (PID: 292)
Creates files in the Windows directory
  • DrvInst.exe (PID: 1128)
  • DrvInst.exe (PID: 664)
  • MsiExec.exe (PID: 3808)
Searches for installed software
  • DrvInst.exe (PID: 1128)
  • DrvInst.exe (PID: 664)
  • easytether-bundle.exe (PID: 2388)
Executable content was dropped or overwritten
  • DrvInst.exe (PID: 1128)
  • MsiExec.exe (PID: 4068)
  • DrvInst.exe (PID: 664)
  • msiexec.exe (PID: 2428)
  • MsiExec.exe (PID: 3808)
  • easytether-bundle.exe (PID: 2388)
  • easytether.exe (PID: 292)
  • easytether.exe (PID: 3344)
Uses RUNDLL32.EXE to load library
  • DrvInst.exe (PID: 1128)
  • DrvInst.exe (PID: 664)
Removes files from Windows directory
  • DrvInst.exe (PID: 1128)
  • MsiExec.exe (PID: 3808)
  • DrvInst.exe (PID: 664)
Creates files in the driver directory
  • DrvInst.exe (PID: 1128)
  • MsiExec.exe (PID: 3808)
  • DrvInst.exe (PID: 664)
Changes the autorun value in the registry
  • msiexec.exe (PID: 2428)
Creates files in the program directory
  • easytether-bundle.exe (PID: 2388)
Creates a software uninstall entry
  • easytether-bundle.exe (PID: 2388)
Starts itself from another location
  • easytether.exe (PID: 292)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 4068)
  • MsiExec.exe (PID: 3116)
  • MsiExec.exe (PID: 2856)
  • MsiExec.exe (PID: 3808)
Creates or modifies windows services
  • MsiExec.exe (PID: 3808)
Creates a software uninstall entry
  • msiexec.exe (PID: 2428)
Creates files in the program directory
  • msiexec.exe (PID: 2428)
Application launched itself
  • msiexec.exe (PID: 2428)
Adds / modifies Windows certificates
  • DrvInst.exe (PID: 2524)
Changes settings of System certificates
  • DrvInst.exe (PID: 2524)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 2632)

Static information

TRiD
  • .exe | Win64 Executable (generic) (64.6%)
  • .dll | Win32 Dynamic Link Library (generic) (15.4%)
  • .exe | Win32 Executable (generic) (10.5%)
  • .exe | Generic Win/DOS Executable (4.6%)
  • .exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:11:18 23:00:38+01:00
PEType:
PE32
LinkerVersion:
14.11
CodeSize:
301568
InitializedDataSize:
159232
UninitializedDataSize:
null
EntryPoint:
0x2e2a6
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
1.3.4.0
ProductVersionNumber:
1.3.4.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
CompanyName:
Mobile Stream
FileDescription:
EasyTether
FileVersion:
1.3.4
InternalName:
setup
LegalCopyright:
Copyright (c) Mobile Stream. All rights reserved.
OriginalFileName:
easytether-bundle.exe
ProductName:
EasyTether
ProductVersion:
1.3.4
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
18-Nov-2017 22:00:38
Detected languages
English - United States
Debug artifacts
C:\agent\_work\8\s\build\ship\x86\burn.pdb
CompanyName:
Mobile Stream
FileDescription:
EasyTether
FileVersion:
1.3.4
InternalName:
setup
LegalCopyright:
Copyright (c) Mobile Stream. All rights reserved.
OriginalFilename:
easytether-bundle.exe
ProductName:
EasyTether
ProductVersion:
1.3.4
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000110
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
18-Nov-2017 22:00:38
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
Sections
| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00049937 | 0x00049A00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.57001 |
| .rdata | 0x0004B000 | 0x0001ED60 | 0x0001EE00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.11423 |
| .data | 0x0006A000 | 0x00001730 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 3.15266 |
| .wixburn8 | 0x0006C000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 0.731255 |
| .rsrc | 0x0006D000 | 0x000035FC | 0x00003600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.15101 |
| .reloc | 0x00071000 | 0x00003DFC | 0x00003E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 6.79434 |
Resources
1

Imports
    ADVAPI32.dll

    USER32.dll

    OLEAUT32.dll

    GDI32.dll

    SHELL32.dll

    ole32.dll

    KERNEL32.dll

    RPCRT4.dll

    Cabinet.dll (delay-loaded)

Exports

    No exports.

Processes

Total processes
56
Monitored processes
17
Malicious processes
6
Suspicious processes
1

Behavior graph

[Behavior graph: process tree with nodes easytether.exe, easytether.exe, easytether-bundle.exe, vssvc.exe, drvinst.exe, msiexec.exe, rundll32.exe and easytthr.exe; edges labelled "start" and "drop and start"]

Process information

PID
3344
CMD
"C:\Users\admin\AppData\Local\Temp\easytether.exe"
Path
C:\Users\admin\AppData\Local\Temp\easytether.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mobile Stream
Description
EasyTether
Version
1.3.4
Modules
Image
c:\users\admin\appdata\local\temp\easytether.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\feclient.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\{81c71371-2ebd-4e3d-89b1-9bcd88d2a2c9}\.cr\easytether.exe

PID
292
CMD
"C:\Users\admin\AppData\Local\Temp\{81C71371-2EBD-4E3D-89B1-9BCD88D2A2C9}\.cr\easytether.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\easytether.exe" -burn.filehandle.attached=148 -burn.filehandle.self=156
Path
C:\Users\admin\AppData\Local\Temp\{81C71371-2EBD-4E3D-89B1-9BCD88D2A2C9}\.cr\easytether.exe
Indicators
Parent process
easytether.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mobile Stream
Description
EasyTether
Version
1.3.4
Modules
Image
c:\users\admin\appdata\local\temp\{81c71371-2ebd-4e3d-89b1-9bcd88d2a2c9}\.cr\easytether.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\version.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\profapi.dll
c:\windows\system32\feclient.dll
c:\users\admin\appdata\local\temp\{dc3b4a5d-b104-4d79-9e6e-b95a766acfd3}\.ba\wixstdba.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll

PID
2388
CMD
"C:\Users\admin\AppData\Local\Temp\{DC3B4A5D-B104-4D79-9E6E-B95A766ACFD3}\.be\easytether-bundle.exe" -q -burn.elevated BurnPipe.{88FA120A-6FB2-4BE5-BE36-41CCB494E79D} {54163E17-657B-4C9E-8004-177048BB9A0C} 292
Path
C:\Users\admin\AppData\Local\Temp\{DC3B4A5D-B104-4D79-9E6E-B95A766ACFD3}\.be\easytether-bundle.exe
Indicators
Parent process
easytether.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mobile Stream
Description
EasyTether
Version
1.3.4
Modules
Image
c:\users\admin\appdata\local\temp\{dc3b4a5d-b104-4d79-9e6e-b95a766acfd3}\.be\easytether-bundle.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\msi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\feclient.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\profapi.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wups.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll

PID
2632
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
2524
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005C4" "00000580"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
2428
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\propsys.dll
c:\program files\mobile stream\easytether\easytthr.exe

PID
2856
CMD
C:\Windows\system32\MsiExec.exe -Embedding A131A5C071A37117868E56FC4D52AA89
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msic9bd.tmp
c:\windows\installer\msi4634.tmp

PID
3808
CMD
C:\Windows\system32\MsiExec.exe -Embedding E19618CF243CDC34A80EE99424F521B4 M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msicb65.tmp
c:\windows\system32\wintrust.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\spfileq.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\slc.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ndiscapcfg.dll
c:\windows\system32\rascfg.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\mprmsg.dll
c:\windows\system32\tcpipcfg.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\nci.dll
c:\windows\system32\wlaninst.dll
c:\windows\system32\wwaninst.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshnetbs.dll

PID
664
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{6d0e4786-c5bb-7347-eaf7-f02956ae507d}\easytthr.inf" "0" "63cc35f7b" "000005CC" "WinSta0\Default" "000005C0" "208" "C:\Windows\system32\DRVSTORE\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\ntmarta.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3648
CMD
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{39d90e6c-92e0-52f2-728b-161963fce705} Global\{5d6943ff-98a7-2c96-1987-23443a6c2664} C:\Windows\System32\DriverStore\Temp\{528b8137-6fcd-3e30-cd40-b0157416a214}\easytthr.inf C:\Windows\System32\DriverStore\Temp\{528b8137-6fcd-3e30-cd40-b0157416a214}\easytthr.cat
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
DrvInst.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2148
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "00000000" "000005D4" "00000300"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3152
CMD
"C:\Program Files\Mobile Stream\EasyTether\easytthr.exe" /s
Path
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Version:
Company
Mobile Stream
Description
EasyTether Tray
Version
1.3.4.0
Modules
Image

PID
3116
CMD
C:\Windows\system32\MsiExec.exe -Embedding 9F6354CE47D04EB9BB7612F4ADC1C9A7
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
4068
CMD
C:\Windows\system32\MsiExec.exe -Embedding A0820EA403241781DC91428E51C4D40F M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1128
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{3d0002b2-90f5-6e57-accb-fd44beb37920}\adb.inf" "0" "6e04f4ae3" "000005D0" "WinSta0\Default" "000005C4" "208" "C:\Program Files\Mobile Stream\EasyTether\adb"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
944
CMD
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{2db66b18-8aa2-0d37-50d2-317193317a5d} Global\{19e7a4b4-8d09-3230-3985-397928f4a62a} C:\Windows\System32\DriverStore\Temp\{6d8d2f5d-85e3-65e7-8cee-9031f4c2a64e}\adb.inf
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
DrvInst.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1488
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "00000000" "00000578" "000003A0"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

Registry activity

Total events
2137
Read events
1169
Write events
920
Delete events
48

Modification events

PID
Process
Operation
Key
Name
Value
3648
rundll32.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3648
rundll32.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF
01000000000000002A45C82BF20AD501
3648
rundll32.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{4E77131D-3629-431C-9818-C5679DC83E81} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF
010000000000000084A7CA2BF20AD501
3648
rundll32.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{08244EE6-92F0-47F2-9FC9-929BAA2E7235} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF
0100000000000000DE09CD2BF20AD501
292
easytether.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
292
easytether.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
40000000000000001A7FDF21F20AD5015409000058090000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
400000000000000074E1E121F20AD5015409000058090000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
20
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000C2533522F20AD5015409000058090000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
40000000000000001CB63722F20AD50154090000FC000000E8030000010000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000A4FBFF22F20AD50154090000FC000000E8030000000000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000A81D7528F20AD5015409000058090000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000A81D7528F20AD5015409000058090000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
40000000000000001ECE8528F20AD5015409000058090000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
400000000000000048439B28F20AD501540900006C0D0000E9030000010000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
400000000000000080DFB728F20AD501540900006C0D0000E9030000000000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
400000000000000080DFB728F20AD501540900008C0E0000F9030000010000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
400000000000000034A4BC28F20AD501540900008C0E0000F9030000000000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
4000000000000000E868C128F20AD50154090000580900000A040000010000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
40000000000000002C22BE29F20AD50154090000580E00000A040000000000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
40000000000000002C22BE29F20AD5015409000058090000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
40000000000000002C22BE29F20AD5015409000058090000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
20
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
0000000000000000
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleCachePath
C:\ProgramData\Package Cache\{11e8bc09-c842-4244-bf90-2bea82be07c5}\easytether-bundle.exe
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleUpgradeCode
{169C6FDB-D7E9-423E-A687-DC736DE4DA6D}
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleAddonCode
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleDetectCode
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundlePatchCode
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleVersion
1.3.4.0
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
VersionMajor
1
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
VersionMinor
3
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleProviderKey
{11e8bc09-c842-4244-bf90-2bea82be07c5}
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleTag
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
EngineVersion
3.11.1.2318
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
DisplayIcon
C:\ProgramData\Package Cache\{11e8bc09-c842-4244-bf90-2bea82be07c5}\easytether-bundle.exe,0
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
DisplayName
EasyTether
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
DisplayVersion
1.3.4
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
Publisher
Mobile Stream
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
HelpLink
http://www.mobile-stream.com/easytether/support
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
URLUpdateInfo
http://www.mobile-stream.com/easytether/drivers
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
NoModify
1
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
QuietUninstallString
"C:\ProgramData\Package Cache\{11e8bc09-c842-4244-bf90-2bea82be07c5}\easytether-bundle.exe" /uninstall /quiet
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
UninstallString
"C:\ProgramData\Package Cache\{11e8bc09-c842-4244-bf90-2bea82be07c5}\easytether-bundle.exe" /uninstall
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
EstimatedSize
8665
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{11e8bc09-c842-4244-bf90-2bea82be07c5}
{11e8bc09-c842-4244-bf90-2bea82be07c5}
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{11e8bc09-c842-4244-bf90-2bea82be07c5}
Version
1.3.4.0
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{11e8bc09-c842-4244-bf90-2bea82be07c5}
DisplayName
EasyTether
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
Resume
1
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
{11e8bc09-c842-4244-bf90-2bea82be07c5}
"C:\ProgramData\Package Cache\{11e8bc09-c842-4244-bf90-2bea82be07c5}\easytether-bundle.exe" /burn.runonce
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
BundleResumeCommandLine
/burn.log.append "C:\Users\admin\AppData\Local\Temp\EasyTether_20190515084455.log"
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
{89FB3DAB-CA56-4174-9137-9AF239D429A5}
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Version
1.3.4
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
DisplayName
EasyTether
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
57
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Version
1.3.4
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
DisplayName
EasyTether ADB USB driver
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
Resume
3
2388
easytether-bundle.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11e8bc09-c842-4244-bf90-2bea82be07c5}
Installed
1
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
400000000000000038044622F20AD501480A00006C050000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
400000000000000038044622F20AD501480A0000140B0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
400000000000000038044622F20AD501480A00002C0D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
400000000000000038044622F20AD501480A0000F8050000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
4000000000000000FAEF5122F20AD501480A00006C050000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
400000000000000054525422F20AD501480A0000F8050000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000AEB45622F20AD501480A0000140B0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
400000000000000008175922F20AD501480A00002C0D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
4000000000000000EEE09828F20AD501480A00002C0D000001040000010000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
4000000000000000EEE09828F20AD501480A00002C0D000001040000000000000000000000000000167FB2882604CA40A448639347B4A4200000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
4000000000000000E6D44A3AF20AD501480A0000800C0000EA030000000000000100000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000E6D44A3AF20AD501480A0000800C000002000000010000000100000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
400000000000000040374D3AF20AD501480A00002C0E0000EA030000000000000100000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
400000000000000040374D3AF20AD501480A00002C0E000002000000010000000100000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
40000000000000009A994F3AF20AD501480A0000440C0000EA030000000000000100000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
40000000000000009A994F3AF20AD501480A0000440C000002000000010000000100000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
4000000000000000EE837A3AF20AD501480A000080090000EA030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
4000000000000000EE837A3AF20AD501480A000080090000EB030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
4000000000000000EE837A3AF20AD501480A000080090000EC030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
400000000000000048E67C3AF20AD501480A0000F00C0000EB030000010000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
400000000000000048E67C3AF20AD501480A0000F00C0000EB030000000000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
400000000000000048E67C3AF20AD501480A0000F00C000003000000010000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
400000000000000048E67C3AF20AD501480A0000240E0000FC030000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
4000000000000000A2487F3AF20AD501480A000080090000EC030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
4000000000000000A2487F3AF20AD501480A000080090000ED030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
4000000000000000560D843AF20AD501480A000080090000ED030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
4000000000000000560D843AF20AD501480A000080090000EE030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
4000000000000000B06F863AF20AD501480A0000F00C0000EB030000010000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
4000000000000000B06F863AF20AD501480A0000F00C0000EB030000000000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000B06F863AF20AD501480A0000F00C000003000000010000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000B06F863AF20AD501480A000008080000FC030000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
400000000000000064348B3AF20AD501480A000080090000EE030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
400000000000000064348B3AF20AD501480A000080090000F0030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
400000000000000064348B3AF20AD501480A000080090000F0030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
400000000000000064348B3AF20AD501480A000080090000EF030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
4000000000000000BE968D3AF20AD501480A00002C0E0000EB030000010000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
4000000000000000CCBD943AF20AD501480A00002C0E0000EB030000000000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000CCBD943AF20AD501480A00002C0E000003000000010000000200000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000CCBD943AF20AD501480A0000700E0000FC030000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
4000000000000000CCBD943AF20AD501480A000080090000EF030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
4000000000000000CCBD943AF20AD501480A000080090000EB030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
4000000000000000CCBD943AF20AD501480A00008009000003040000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
4000000000000000CCBD943AF20AD501480A00008009000003040000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
4000000000000000CCBD943AF20AD501480A000080090000FD030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
4000000000000000CCBD943AF20AD501480A0000580D0000FD030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
400000000000000034479E3AF20AD501480A0000580D0000FD030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
400000000000000034479E3AF20AD501480A000080090000FD030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
400000000000000034479E3AF20AD501480A0000580D0000FE030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000009CD0A73AF20AD501480A0000580D0000FE030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
40000000000000009CD0A73AF20AD501480A0000580D0000FF030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
40000000000000009CD0A73AF20AD501480A0000580D0000FF030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
400000000000000034479E3AF20AD501480A000080090000FE030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000009CD0A73AF20AD501480A000080090000FE030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
40000000000000009CD0A73AF20AD501480A000080090000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
40000000000000009CD0A73AF20AD501480A000080090000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
40000000000000009CD0A73AF20AD501480A0000D00E000004040000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
40000000000000009CD0A73AF20AD501480A0000D00E000004040000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
40000000000000009CD0A73AF20AD501480A00008009000005040000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
4000000000000000F632AA3AF20AD501480A00008009000005040000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
4000000000000000F632AA3AF20AD501480A000080090000F4030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
4000000000000000F632AA3AF20AD501480A000080090000F4030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
4000000000000000F632AA3AF20AD501480A000080090000F2030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
40000000000000006CE3BA3AF20AD501480A0000740C0000F2030000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000006CE3BA3AF20AD501480A0000700E0000FC030000000000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
40000000000000006CE3BA3AF20AD501480A0000740C0000F2030000000000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000006CE3BA3AF20AD501480A0000740C000004000000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
40000000000000006CE3BA3AF20AD501480A0000440C0000F2030000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000006CE3BA3AF20AD501480A000008080000FC030000000000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
40000000000000006CE3BA3AF20AD501480A0000440C0000F2030000000000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
40000000000000006CE3BA3AF20AD501480A0000F00C0000F2030000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000006CE3BA3AF20AD501480A0000440C000004000000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
40000000000000006CE3BA3AF20AD501480A0000240E0000FC030000000000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
40000000000000006CE3BA3AF20AD501480A0000F00C0000F2030000000000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
40000000000000006CE3BA3AF20AD501480A0000F00C000004000000010000000300000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
40000000000000006CE3BA3AF20AD501480A000080090000F2030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
40000000000000006CE3BA3AF20AD501480A00008009000006040000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
40000000000000002857EF3AF20AD501480A00008009000006040000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
40000000000000002857EF3AF20AD501480A000080090000F5030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
4000000000000000F869023BF20AD501480A0000740C0000F5030000010000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
4000000000000000F869023BF20AD501480A00002C0E0000F5030000010000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
400000000000000052CC043BF20AD501480A00002C0E0000F5030000000000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
400000000000000052CC043BF20AD501480A0000800C0000F5030000010000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
400000000000000052CC043BF20AD501480A00002C0E000005000000010000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
400000000000000052CC043BF20AD501480A0000740C0000F5030000000000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
400000000000000052CC043BF20AD501480A0000740C000005000000010000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000A275B03BF20AD501480A0000800C0000F5030000000000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000A275B03BF20AD501480A0000800C000005000000010000000400000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000A275B03BF20AD501480A000080090000F5030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000A275B03BF20AD501480A00008009000007040000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
400000000000000080AFCA3BF20AD501480A00008009000007040000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
4000000000000000DA11CD3BF20AD501480A000080090000FB030000010000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
40000000000000008ED6D13BF20AD501480A0000F00C0000FB030000010000000500000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
40000000000000008ED6D13BF20AD501480A0000800C0000FB030000010000000500000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
40000000000000008ED6D13BF20AD501480A0000F00C0000FB030000000000000500000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
40000000000000008ED6D13BF20AD501480A00008C090000FB030000010000000500000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
40000000000000008ED6D13BF20AD501480A0000800C0000FB030000000000000500000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
40000000000000008ED6D13BF20AD501480A00008C090000FB030000000000000500000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
40000000000000008ED6D13BF20AD501480A000080090000FB030000000000000000000000000000078F1558F677FB49845493B046AB24350000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
40000000000000001A57A164F20AD501480A00008C0E0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
40000000000000001A57A164F20AD501480A0000F8050000E8030000010000000500000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
40000000000000001A57A164F20AD501480A0000880F0000E8030000010000000500000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
40000000000000001A57A164F20AD501480A000078080000E8030000010000000500000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
400000000000000082E0AA64F20AD501480A0000F8050000E8030000000000000500000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
400000000000000082E0AA64F20AD501480A0000880F0000E8030000000000000500000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000DC42AD64F20AD501480A00008C0E0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
400000000000000036A5AF64F20AD501480A000078080000E8030000000000000500000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
400000000000000084F8F86AF20AD501480A0000780800000104000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
400000000000000084F8F86AF20AD501480A0000780800000104000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
4000000000000000A046076BF20AD501480A00008C0E0000E903000001000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
4000000000000000A046076BF20AD501480A000078080000E903000001000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
4000000000000000A046076BF20AD501480A0000880F0000E903000001000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
4000000000000000FAA8096BF20AD501480A0000880F0000E903000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000FAA8096BF20AD501480A0000880F00000100000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
4000000000000000FAA8096BF20AD501480A000078080000E903000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000540B0C6BF20AD501480A0000780800000100000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
4000000000000000540B0C6BF20AD501480A00008C0E0000E903000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000540B0C6BF20AD501480A00008C0E00000100000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
4000000000000000241E1F6BF20AD501480A0000880F0000F903000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
4000000000000000241E1F6BF20AD501480A00008C0E0000F903000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
4000000000000000241E1F6BF20AD501480A000078080000F903000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
40000000000000007E80216BF20AD501480A00008C0E0000F903000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
40000000000000007E80216BF20AD501480A000078080000F903000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
40000000000000007E80216BF20AD501480A0000880F0000F903000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
40000000000000003245266BF20AD501480A0000A40700000204000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
4000000000000000C67A9D6BF20AD501480A0000A40700000204000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
4000000000000000C67A9D6BF20AD501480A0000A4070000EA03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
4000000000000000D4A1A46BF20AD501480A0000740C0000EA03000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
4000000000000000D4A1A46BF20AD501480A0000800C0000EA03000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
4000000000000000D4A1A46BF20AD501480A00008C090000EA03000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
4000000000000000A4B4B76BF20AD501480A00008C090000EA03000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000A4B4B76BF20AD501480A00008C0900000200000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
4000000000000000FE16BA6BF20AD501480A0000740C0000EA03000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000FE16BA6BF20AD501480A0000740C00000200000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
4000000000000000FE16BA6BF20AD501480A0000800C0000EA03000000000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000FE16BA6BF20AD501480A0000800C00000200000001000000010000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
40000000000000006028EC6BF20AD501480A0000A4070000EA03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
40000000000000006028EC6BF20AD501480A0000A4070000EB03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
40000000000000006028EC6BF20AD501480A0000A4070000EC03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
400000000000000014EDF06BF20AD501480A0000440C0000EB03000001000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
400000000000000014EDF06BF20AD501480A0000440C0000EB03000000000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
400000000000000014EDF06BF20AD501480A0000440C00000300000001000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
400000000000000014EDF06BF20AD501480A0000940B0000FC03000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
40000000000000006E4FF36BF20AD501480A0000A4070000EC03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
40000000000000006E4FF36BF20AD501480A0000A4070000ED03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
4000000000000000C8B1F56BF20AD501480A0000A4070000ED03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
4000000000000000C8B1F56BF20AD501480A0000A4070000EE03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
40000000000000007C76FA6BF20AD501480A00002C0E0000EB03000001000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
40000000000000007C76FA6BF20AD501480A00002C0E0000EB03000000000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000007C76FA6BF20AD501480A00002C0E00000300000001000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000007C76FA6BF20AD501480A000050090000FC03000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
4000000000000000D6D8FC6BF20AD501480A0000A4070000EE03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
4000000000000000D6D8FC6BF20AD501480A0000A4070000F003000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
4000000000000000D6D8FC6BF20AD501480A0000A4070000F003000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
4000000000000000D6D8FC6BF20AD501480A0000A4070000EF03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
4000000000000000303BFF6BF20AD501480A00002C0E0000EB03000001000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
4000000000000000F2260B6CF20AD501480A00002C0E0000EB03000000000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000F2260B6CF20AD501480A00002C0E00000300000001000000020000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000F2260B6CF20AD501480A0000100A0000FC03000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
4000000000000000F2260B6CF20AD501480A0000A4070000EF03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
4000000000000000F2260B6CF20AD501480A0000A4070000EB03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
4000000000000000F2260B6CF20AD501480A0000A40700000304000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
4000000000000000F2260B6CF20AD501480A0000A40700000304000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
4000000000000000F2260B6CF20AD501480A0000A4070000FD03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
4000000000000000F2260B6CF20AD501480A0000F4070000FD03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
40000000000000005AB0146CF20AD501480A0000F4070000FD03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
40000000000000005AB0146CF20AD501480A0000A4070000FD03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
40000000000000005AB0146CF20AD501480A0000F4070000FE03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000000E75196CF20AD501480A0000F4070000FE03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
40000000000000000E75196CF20AD501480A0000F4070000FF03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
40000000000000000E75196CF20AD501480A0000F4070000FF03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
40000000000000005AB0146CF20AD501480A0000A4070000FE03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
40000000000000000E75196CF20AD501480A0000A4070000FE03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
40000000000000000E75196CF20AD501480A0000A4070000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
40000000000000000E75196CF20AD501480A0000A4070000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
40000000000000000E75196CF20AD501480A0000880700000404000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
40000000000000000E75196CF20AD501480A0000880700000404000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
40000000000000000E75196CF20AD501480A0000A40700000504000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
400000000000000068D71B6CF20AD501480A0000A40700000504000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
400000000000000068D71B6CF20AD501480A0000A4070000F403000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
400000000000000068D71B6CF20AD501480A0000A4070000F403000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
400000000000000068D71B6CF20AD501480A0000A4070000F203000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000ECAE336CF20AD501480A0000440C0000F203000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000ECAE336CF20AD501480A0000800C0000F203000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000ECAE336CF20AD501480A0000100A0000FC03000000000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000ECAE336CF20AD501480A0000940B0000FC03000000000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
4000000000000000ECAE336CF20AD501480A0000440C0000F203000000000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
4000000000000000ECAE336CF20AD501480A0000800C0000F203000000000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000ECAE336CF20AD501480A0000440C00000400000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000ECAE336CF20AD501480A0000800C00000400000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000ECAE336CF20AD501480A00008C090000F203000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000ECAE336CF20AD501480A000050090000FC03000000000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
4000000000000000ECAE336CF20AD501480A00008C090000F203000000000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000ECAE336CF20AD501480A00008C0900000400000001000000030000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
40000000000000004611366CF20AD501480A0000A4070000F203000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
40000000000000004611366CF20AD501480A0000A40700000604000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
40000000000000004EC0656CF20AD501480A0000A40700000604000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
4000000000000000A822686CF20AD501480A0000A4070000F503000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
4000000000000000E0BE846CF20AD501480A0000740C0000F503000001000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
4000000000000000E0BE846CF20AD501480A0000F00C0000F503000001000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
4000000000000000E0BE846CF20AD501480A00008C090000F503000001000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
40000000000000003A21876CF20AD501480A0000F00C0000F503000000000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000003A21876CF20AD501480A0000F00C00000500000001000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
40000000000000003A21876CF20AD501480A0000740C0000F503000000000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
40000000000000003A21876CF20AD501480A0000740C00000500000001000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000D6052E6DF20AD501480A00008C090000F503000000000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000D6052E6DF20AD501480A00008C0900000500000001000000040000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000D6052E6DF20AD501480A0000A4070000F503000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000D6052E6DF20AD501480A0000A40700000704000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000A618416DF20AD501480A0000A40700000704000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
40000000000000000EA24A6DF20AD501480A0000A4070000FB03000001000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000C2664F6DF20AD501480A00002C0E0000FB03000001000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000C2664F6DF20AD501480A00008C090000FB03000001000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000C2664F6DF20AD501480A0000440C0000FB03000001000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000C2664F6DF20AD501480A00002C0E0000FB03000000000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000C2664F6DF20AD501480A00008C090000FB03000000000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000C2664F6DF20AD501480A0000440C0000FB03000000000000050000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2632
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000C2664F6DF20AD501480A0000A4070000FB03000000000000000000000000000058FB63DECA970C44B41ABA1AC76F19900000000000000000
2524
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2524
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
7C090000B8A8052AF20AD501
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
CA38C7FBEB9978C049E1D7EA16093E36D82292E361246A139CD5B4F3A86B8D1A
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\13c6ff.ipi
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\13c700.rbs
30739194
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\13c700.rbsLow
2360580576
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B25DDE4786BD11E4B99CA0708680CC3B
BAD3BF9865AC47141973A92F934D925A
02:\Software\Mobile Stream\EasyTether\Path
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA6B747CD2E6CCB46BC45550793623B0
BAD3BF9865AC47141973A92F934D925A
01:\Software\Mobile Stream\EasyTether\ShowHints
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B386D4A653837A9458E0FF18ABE151DA
BAD3BF9865AC47141973A92F934D925A
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92724662263DF5943BDF2ABC8D9E5C7A
BAD3BF9865AC47141973A92F934D925A
C:\Program Files\Mobile Stream\EasyTether\ndis51\easytthr.inf
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0EE109AFB29D01D4DA78F5EDF213773B
BAD3BF9865AC47141973A92F934D925A
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Mobile Stream\EasyTether\ndis51\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Mobile Stream\EasyTether\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Mobile Stream\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{89FB3DAB-CA56-4174-9137-9AF239D429A5}\
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Mobile Stream\EasyTether
ShowHints
1
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Run
EasyTether
"C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Mobile Stream\EasyTether
Path
C:\Program Files\Mobile Stream\EasyTether\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
LocalPackage
C:\Windows\Installer\13c701.msi
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
AuthorizedCDFPrefix
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Comments
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Contact
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
DisplayVersion
1.3.4
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
HelpLink
http://www.mobile-stream.com/easytether/support
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
HelpTelephone
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
InstallDate
20190515
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
InstallLocation
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
InstallSource
C:\ProgramData\Package Cache\{89FB3DAB-CA56-4174-9137-9AF239D429A5}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
ModifyPath
MsiExec.exe /X{89FB3DAB-CA56-4174-9137-9AF239D429A5}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
NoModify
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Publisher
Mobile Stream
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Readme
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Size
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
EstimatedSize
84
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
SystemComponent
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
UninstallString
MsiExec.exe /X{89FB3DAB-CA56-4174-9137-9AF239D429A5}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
URLInfoAbout
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
URLUpdateInfo
http://www.mobile-stream.com/easytether/drivers
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
VersionMajor
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
VersionMinor
3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
WindowsInstaller
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Version
16973828
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
Language
1033
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
AuthorizedCDFPrefix
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Comments
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Contact
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
DisplayVersion
1.3.4
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
HelpLink
http://www.mobile-stream.com/easytether/support
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
HelpTelephone
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
InstallDate
20190515
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
InstallLocation
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
InstallSource
C:\ProgramData\Package Cache\{89FB3DAB-CA56-4174-9137-9AF239D429A5}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
ModifyPath
MsiExec.exe /X{89FB3DAB-CA56-4174-9137-9AF239D429A5}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
NoModify
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Publisher
Mobile Stream
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Readme
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Size
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
EstimatedSize
84
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
SystemComponent
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
UninstallString
MsiExec.exe /X{89FB3DAB-CA56-4174-9137-9AF239D429A5}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
URLInfoAbout
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
URLUpdateInfo
http://www.mobile-stream.com/easytether/drivers
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
VersionMajor
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
VersionMinor
3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
WindowsInstaller
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Version
16973828
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
Language
1033
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\66E465F5FBDB06F47BA2C946D3420757
BAD3BF9865AC47141973A92F934D925A
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\InstallProperties
DisplayName
EasyTether
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89FB3DAB-CA56-4174-9137-9AF239D429A5}
DisplayName
EasyTether
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BAD3BF9865AC47141973A92F934D925A
Core
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\Features
Core
2]GYMw8k*AIZH=%odqkbGZ,'i,@[email protected]+=de$a7tZ&)H(2J,V-b?97FkQovK^`XQmD0]yRY?H{-NjXwGw^^[email protected](~Op_.mbb
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAD3BF9865AC47141973A92F934D925A\Patches
AllPatches
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
ProductName
EasyTether
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
PackageCode
D48965F33792FD04F979BB2B616C34B3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
Language
1033
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
Version
16973828
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
Assignment
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
AdvertiseFlags
388
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
ProductIcon
C:\Windows\Installer\{89FB3DAB-CA56-4174-9137-9AF239D429A5}\easytether.ico
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
InstanceType
0
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
AuthorizedLUAApp
0
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
DeploymentFlags
3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\66E465F5FBDB06F47BA2C946D3420757
BAD3BF9865AC47141973A92F934D925A
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A\SourceList
PackageName
easytether-core-x86.msi
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A\SourceList\Net
1
C:\ProgramData\Package Cache\{89FB3DAB-CA56-4174-9137-9AF239D429A5}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A\SourceList\Media
1
;
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A
Clients
:
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BAD3BF9865AC47141973A92F934D925A\SourceList
LastUsedSource
n;1;C:\ProgramData\Package Cache\{89FB3DAB-CA56-4174-9137-9AF239D429A5}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
99
2428
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
2428
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62
2428
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
2428
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
2428
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
2428
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
2428
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
2272518A4FEB09D3DA00A2780F40166BD4F9154678FEBAB92D1F035F0DA607C6
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\13c704.ipi
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\13c705.rbs
30739194
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\13c705.rbsLow
2798860576
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC906BB0DA122804EA3625A6AC6A50CD
7C1924AFA60454B4B8ED84C37DFBC591
C:\Program Files\Mobile Stream\EasyTether\adb\adb.inf
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEF6F8C1828CA9147A7119F465420CA3
7C1924AFA60454B4B8ED84C37DFBC591
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Mobile Stream\EasyTether\adb\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
LocalPackage
C:\Windows\Installer\13c706.msi
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
AuthorizedCDFPrefix
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Comments
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Contact
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
DisplayVersion
1.3.4
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
HelpLink
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
HelpTelephone
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
InstallDate
20190515
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
InstallLocation
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
InstallSource
C:\ProgramData\Package Cache\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
ModifyPath
MsiExec.exe /X{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
NoModify
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Publisher
Mobile Stream
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Readme
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Size
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
EstimatedSize
2244
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
UninstallString
MsiExec.exe /X{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
URLInfoAbout
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
URLUpdateInfo
http://www.mobile-stream.com/easytether/drivers
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
VersionMajor
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
VersionMinor
3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
WindowsInstaller
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Version
16973828
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
Language
1033
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
AuthorizedCDFPrefix
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Comments
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Contact
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
DisplayVersion
1.3.4
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
HelpLink
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
HelpTelephone
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
InstallDate
20190515
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
InstallLocation
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
InstallSource
C:\ProgramData\Package Cache\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
ModifyPath
MsiExec.exe /X{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
NoModify
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Publisher
Mobile Stream
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Readme
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Size
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
EstimatedSize
2244
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
UninstallString
MsiExec.exe /X{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
URLInfoAbout
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
URLUpdateInfo
http://www.mobile-stream.com/easytether/drivers
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
VersionMajor
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
VersionMinor
3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
WindowsInstaller
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Version
16973828
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
Language
1033
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\8E406DF5517C62B4DB807BB407B9A0AF
7C1924AFA60454B4B8ED84C37DFBC591
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\InstallProperties
DisplayName
EasyTether ADB USB driver
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}
DisplayName
EasyTether ADB USB driver
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\7C1924AFA60454B4B8ED84C37DFBC591
AndroidDriver
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\Features
AndroidDriver
lHxi&e2Ag8LXZ2J}Yieo)'83,Js8*9sObXAH$!t6
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C1924AFA60454B4B8ED84C37DFBC591\Patches
AllPatches
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
ProductName
EasyTether ADB USB driver
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
PackageCode
8BB23C688F04049419A3742E7BD380AA
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
Language
1033
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
Version
16973828
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
Assignment
1
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
AdvertiseFlags
388
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
ProductIcon
C:\Windows\Installer\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}\easytether.ico
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
InstanceType
0
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
AuthorizedLUAApp
0
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
DeploymentFlags
3
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8E406DF5517C62B4DB807BB407B9A0AF
7C1924AFA60454B4B8ED84C37DFBC591
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591\SourceList
PackageName
easytether-adb-x86.msi
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591\SourceList\Net
1
C:\ProgramData\Package Cache\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591\SourceList\Media
1
;
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591
Clients
:
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C1924AFA60454B4B8ED84C37DFBC591\SourceList
LastUsedSource
n;1;C:\ProgramData\Package Cache\{FA4291C7-406A-4B45-8BDE-483CD7BF5C19}v1.3.4\
2428
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
100
2428
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\63\52C64B7E
2428
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\63
2856
MsiExec.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{26642729-D362-495F-B3FD-A2CBD8E9C5A7}
3808
MsiExec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{26642729-D362-495F-B3FD-A2CBD8E9C5A7}
CleanupNeeded
1
3808
MsiExec.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
creation
AAAE2F2BF20AD501
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
type
7
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
INF
easytthr.inf
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
ProductName
EasyTether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
ManufacturerName
Mobile Stream
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
DisplayName
EasyTether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
DependentInstaller
{26642729-D362-495F-B3FD-A2CBD8E9C5A7}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\easytthr_77932899B7A0A3A1A551BD93D66DAE7B655D4D4D
DependentInstallerName
EasyTether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NetCfgLockHolder
DIFxLib
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey\Ndi
Service
easytether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey\Ndi
HelpText
EasyTether Network Adapter
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey\Ndi\Interfaces
LowerRange
ethernet
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey\Ndi\Interfaces
UpperRange
ndis5_ip
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey\Ndi\Interfaces
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey\Ndi
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\NDISTempKey
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
NewDeviceInstall
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
NetCfgInstanceId
{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
*IfType
6
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
Characteristics
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
*MediaType
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
*PhysicalMediaType
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6233CD27-676C-4069-BBBE-393DC4D44652}\Connection
DefaultNameResourceId
1803
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6233CD27-676C-4069-BBBE-393DC4D44652}\Connection
DefaultNameIndex
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6233CD27-676C-4069-BBBE-393DC4D44652}\Connection
Name
Local Area Connection
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
NetLuidIndex
9
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
DeviceInstanceID
ROOT\*EASYTETHER\0000
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
InstallTimeStamp
E307050003000F0007002D003A009100
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Ndi
Service
easytether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Ndi
HelpText
EasyTether Network Adapter
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Ndi\Interfaces
LowerRange
ethernet
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Ndi\Interfaces
UpperRange
ndis5_ip
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
ComponentId
*easytether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions
EasyTether Network Adapter
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\*EASYTETHER\0000\Device Parameters
InstanceIndex
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
NDIS
170000000100000002000000030000000400000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F0000001000000011000000120000001300000014000000150000001600000017000000
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\easytether
TextModeFlags
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\easytether
EventMessageFile
%SystemRoot%\System32\netevent.dll
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\easytether
TypesSupported
7
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\RefNames
Mobile StreamEasyTether
EasyTether
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011
InstallTimeStamp
E307050003000F0007002D003A009B01
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Linkage
Bind
\Device\Smb_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Linkage
Route
"Smb" "Tcpip" "{6233CD27-676C-4069-BBBE-393DC4D44652}"
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Linkage
Export
\Device\LanmanServer_Smb_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS\Linkage
LanaMap
0103010001010102
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS\Parameters
MaxLana
3
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS\Linkage
Bind
\Device\NetBT_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS\Linkage
Route
"NetBT" "Tcpip" "{6233CD27-676C-4069-BBBE-393DC4D44652}"
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS\Linkage
Export
\Device\NetBIOS_NetBT_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage
Bind
\Device\Smb_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage
Route
"Smb" "Tcpip" "{6233CD27-676C-4069-BBBE-393DC4D44652}"
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage
Export
\Device\LanmanWorkstation_Smb_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Linkage
Bind
\Device\{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Linkage
Route
"{6233CD27-676C-4069-BBBE-393DC4D44652}"
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Linkage
Export
\Device\Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb\Linkage
Bind
\Device\Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb\Linkage
Route
"Tcpip" "{6233CD27-676C-4069-BBBE-393DC4D44652}"
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb\Linkage
Export
\Device\Smb_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage
Bind
\Device\Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage
Route
"Tcpip" "{6233CD27-676C-4069-BBBE-393DC4D44652}"
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage
Export
\Device\NetBT_Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Linkage
RootDevice
{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Linkage
UpperBind
Tcpip
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Linkage
Export
\Device\{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
SearchList
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
UseDomainNameDevolution
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
IPEnableRouter
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
EnableICMPRedirect
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
DeadGWDetectDefault
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters
DontAddDefaultGatewayDefault
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Adapters\{6233CD27-676C-4069-BBBE-393DC4D44652}
LLInterface
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Adapters\{6233CD27-676C-4069-BBBE-393DC4D44652}
IpConfig
Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
EnableDHCP
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
NameServer
192.168.100.2
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
Domain
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
RegistrationEnabled
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
RegisterAdapterName
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}\Parameters\Tcpip
EnableDHCP
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}\Parameters\Tcpip
IPAddress
192.168.100.205
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}\Parameters\Tcpip
SubnetMask
255.255.255.0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4040CF00-1B3E-486A-B407-FA14C56B6FC0}\Parameters\Tcpip
DefaultGateway
192.168.100.2
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp\Configurations
Options
32000000000000000400000000000000FFFFFF7F0000000001000000000000000400000000000000FFFFFF7F00000000
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
UseZeroBroadcast
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
EnableDeadGWDetect
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
EnableDHCP
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
NameServer
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
Domain
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
RegistrationEnabled
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6233CD27-676C-4069-BBBE-393DC4D44652}
RegisterAdapterName
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6233CD27-676C-4069-BBBE-393DC4D44652}\Parameters\Tcpip
EnableDHCP
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters
EnableLMHOSTS
1
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\Interfaces\Tcpip_{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
NameServerList
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\Interfaces\Tcpip_{4040CF00-1B3E-486A-B407-FA14C56B6FC0}
NetbiosOptions
0
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\Interfaces\Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
NameServerList
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\Interfaces\Tcpip_{6233CD27-676C-4069-BBBE-393DC4D44652}
NetbiosOptions
0
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
ProtocolName
@%SystemRoot%\System32\wshtcpip.dll,-60100
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
ProtocolName
@%SystemRoot%\System32\wshtcpip.dll,-60101
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
ProtocolName
@%SystemRoot%\System32\wshtcpip.dll,-60102
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
ProtocolName
@%SystemRoot%\System32\wship6.dll,-60100
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
ProtocolName
@%SystemRoot%\System32\wship6.dll,-60101
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
ProtocolName
@%SystemRoot%\System32\wship6.dll,-60102
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
ProtocolName
@%SystemRoot%\System32\wshqos.dll,-100
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
ProtocolName
@%SystemRoot%\System32\wshqos.dll,-101
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
ProtocolName
@%SystemRoot%\System32\wshqos.dll,-102
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
ProtocolName
@%SystemRoot%\System32\wshqos.dll,-103
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Num_Catalog_Entries
10
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Next_Catalog_Entry_ID
1057
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Serial_Access_Num
24
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\00000017
3808
MsiExec.exe
delete key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\NetBIOS
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\NetBIOS
WinSock 1.1 Provider Data
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\NetBIOS
WinSock 2.0 Provider ID
30185F8D73C2CF1195C800805F48A192
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
PackedCatalogItem
3808
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
PackedCatalogItem