General Info

File name

click_install.exe

Full analysis
https://app.any.run/tasks/59299947-52f9-4b51-9b39-fd855beabc85
Verdict
Malicious activity
Analysis date
8/13/2019, 18:18:32
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

1dde7914c7e30db8e6f63a50d43204c4

SHA1

af6249c78ece8e4549830262c2b71eb83305472e

SHA256

af691967f586dfdb1b906e4822423540f0244a3b581d99babed0a7a25b41138f

SSDEEP

393216:N2s8qD9nenkXjaEdns7JUo9vAb2w/7n4taDcqnfOIsZKNdpMM3kB:ks8+6kXGHtUohAb2wDCqcq98IpMBB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Click.exe (PID: 1716)
  • PollingSupport.exe (PID: 2764)
Loads dropped or rewritten executable
  • javaw.exe (PID: 2212)
  • MsiExec.exe (PID: 2900)
Executable content was dropped or overwritten
  • javaw.exe (PID: 2212)
  • Click.exe (PID: 1716)
  • msiexec.exe (PID: 2072)
  • msiexec.exe (PID: 4080)
  • click_install.exe (PID: 2144)
Creates files in the user directory
  • Click.exe (PID: 1716)
  • javaw.exe (PID: 2212)
  • wscript.exe (PID: 3664)
  • click_install.exe (PID: 2144)
Executes JAVA applets
  • PollingSupport.exe (PID: 2764)
Executes scripts
  • javaw.exe (PID: 2212)
Creates files in the program directory
  • Click.exe (PID: 1716)
Starts Internet Explorer
  • MsiExec.exe (PID: 1444)
Executed as Windows Service
  • vssvc.exe (PID: 1748)
Executed via COM
  • DrvInst.exe (PID: 3968)
Creates files in the user directory
  • iexplore.exe (PID: 360)
Application launched itself
  • iexplore.exe (PID: 360)
  • msiexec.exe (PID: 4080)
Reads internet explorer settings
  • iexplore.exe (PID: 3084)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 1444)
Changes internet zones settings
  • iexplore.exe (PID: 360)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 1748)
Creates a software uninstall entry
  • msiexec.exe (PID: 4080)
Searches for installed software
  • msiexec.exe (PID: 4080)
Creates files in the program directory
  • msiexec.exe (PID: 4080)


Static information

TRiD
.exe | Win64 Executable (generic) (64.6%)
.dll | Win32 Dynamic Link Library (generic) (15.4%)
.exe | Win32 Executable (generic) (10.5%)
.exe | Generic Win/DOS Executable (4.6%)
.exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:05:27 11:57:29+02:00
PEType:
PE32
LinkerVersion:
7.1
CodeSize:
135680
InitializedDataSize:
40448
UninitializedDataSize:
null
EntryPoint:
0x20b90
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
1.22.0.0
ProductVersionNumber:
1.22.0.0
FileFlagsMask:
0x003f
FileFlags:
Debug
FileOS:
Win32
ObjectFileType:
Dynamic link library
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
C3 SoftWorks
FileDescription:
This installer database contains the logic and data required to install Click.
FileVersion:
1.22
InternalName:
click_install
LegalCopyright:
Copyright (C) C3 SoftWorks
OriginalFileName:
click_install.exe
ProductName:
Click
ProductVersion:
1.22
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
27-May-2009 09:57:29
Detected languages
English - United States
CompanyName:
C3 SoftWorks
FileDescription:
This installer database contains the logic and data required to install Click.
FileVersion:
1.22
InternalName:
click_install
LegalCopyright:
Copyright (C) C3 SoftWorks
OriginalFileName:
click_install.exe
ProductName:
Click
ProductVersion:
1.22
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000108
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
27-May-2009 09:57:29
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x000210A1 | 0x00021200 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.47012
.rdata | 0x00023000 | 0x00003BA6 | 0x00003C00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 5.60439
.data | 0x00027000 | 0x00000700 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 2.86115
.rsrc | 0x00028000 | 0x00005A2C | 0x00005C00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.29574
Resources
1, 2, 3, 4, 9, 10, 11, 12, 13, 14, 15, 128, 201, 202, 203, 206, 210, 211, 212, 213, 214, 216, 217, 218, 219, 221, 222, 223

Imports
    VERSION.dll

    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ADVAPI32.dll

    SHELL32.dll

    ole32.dll

    OLEAUT32.dll

    COMCTL32.dll

    WININET.dll (delay-loaded)

Exports

    No exports.

Processes

Total processes
50
Monitored processes
13
Malicious processes
3
Suspicious processes
1

Behavior graph

start click_install.exe msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs drvinst.exe no specs msiexec.exe no specs iexplore.exe iexplore.exe no specs click.exe pollingsupport.exe no specs javaw.exe wscript.exe no specs

Process information

PID
2144
CMD
"C:\Users\admin\AppData\Local\Temp\click_install.exe"
Path
C:\Users\admin\AppData\Local\Temp\click_install.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
C3 SoftWorks
Description
This installer database contains the logic and data required to install Click.
Version
1.22
Modules
Image
c:\users\admin\appdata\local\temp\click_install.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msiexec.exe

PID
2072
CMD
/i "C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\click_install_final.msi" AI_SETUPEXEPATH="C:\Users\admin\AppData\Local\Temp\click_install.exe" SETUPEXEDIR="C:\Users\admin\AppData\Local\Temp\"
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
click_install.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\msls31.dll

PID
4080
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
1444
CMD
C:\Windows\system32\MsiExec.exe -Embedding A049248CF3A5741B9FCEAAAD54462B85 C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\msifa76.tmp
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\msi9c74.tmp
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\internet explorer\iexplore.exe
c:\users\admin\appdata\local\temp\msia32c.tmp
c:\program files\c3 softworks\click\click.exe

PID
1748
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3968
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "00000540" "000005DC"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
2900
CMD
"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\C3 SoftWorks\Click\Reply2005.ocx"
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\program files\c3 softworks\click\reply2005.ocx
c:\windows\system32\olepro32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\devrtl.dll

PID
360
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files\C3 SoftWorks\Click\help\index.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll

PID
3084
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:360 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\winword.exe

PID
1716
CMD
"C:\Program Files\C3 SoftWorks\Click\Click.exe"
Path
C:\Program Files\C3 SoftWorks\Click\Click.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
C3 SoftWorks
Description
BRAVO! Click
Version
3.0.0.0
Modules
Image

PID
2764
CMD
"C:\Program Files\C3 SoftWorks\Click\drivers_tt\PollingSupport.exe"
Path
C:\Program Files\C3 SoftWorks\Click\drivers_tt\PollingSupport.exe
Indicators
No indicators
Parent process
Click.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image

PID
2212
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -classpath "C:\Users\admin\AppData\Local\Temp\temp0.jar;C:\Users\admin\AppData\Local\Temp\temp1.jar;" com.c3softworks.c3pollingsupport.C3PollingSupport
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
Parent process
PollingSupport.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image

PID
3664
CMD
wscript.exe C:\Users\admin\AppData\Local\Temp\c3pollingsupportshortcutscript.vbs
Path
C:\Windows\system32\wscript.exe
Indicators
No indicators
Parent process
javaw.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Windows Based Script Host
Version
5.8.7600.16385
Modules
Image

Registry activity

Total events
1940
Read events
1369
Write events
564
Delete events
7

Modification events

PID
Process
Operation
Key
Name
Value
4080
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E
4080
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72
4080
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
4080
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
4080
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
4080
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
40000000000000008EC8F8E9F251D501F00F0000A0050000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
40000000000000008EC8F8E9F251D501F00F0000A0050000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
24
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000D48B1CEAF251D501F00F0000A0050000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
40000000000000002EEE1EEAF251D501F00F000008060000E803000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000D281F5EAF251D501F00F000008060000E803000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
40000000000000001C678EF0F251D501F00F0000A0050000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
40000000000000001C678EF0F251D501F00F0000A0050000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
4000000000000000EC79A1F0F251D501F00F0000A0050000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
40000000000000007051B9F0F251D501F00F0000900B0000E903000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
40000000000000000250D8F0F251D501F00F0000900B0000E903000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
40000000000000000250D8F0F251D501F00F000014010000F903000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
40000000000000006AD9E1F0F251D501F00F000014010000F903000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
40000000000000001E9EE6F0F251D501F00F0000A00500000A04000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
400000000000000038E2CDF1F251D501F00F0000A80D00000A04000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
400000000000000038E2CDF1F251D501F00F0000A0050000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
400000000000000038E2CDF1F251D501F00F0000A0050000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
24
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
8EC8F8E9F251D501
4080
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
F00F00005256A2DFF251D501
4080
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
5E98ADE89BF9D87E78D6200B685D89930870125A2F58BCD4FEEA5FFA118DA7B5
4080
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\3770b1.ipi
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\3770b2.rbs
30757371
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\3770b2.rbsLow
1417251184
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5F1ACE21845F7944A3FB4E29DBB1508
B9969973359E5AF4799AFF517B7AFFB0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C3 SoftWorks\Click\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6BD899AE88759A94DBE9B9516317719F
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\Click.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F0E0587387CA4E4EA6E9E5871A90B9F
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\ClickerBaseCommunication.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\318480CA027E4534E93E7E1AAA1EDF87
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\InputSerializer.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\341BB1D42D9B8AF41BC4C50D6F5478BD
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\Interop.ReplyXControl1.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F5298B1715C5748BCD685EBB9D5FF1
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\Reply2005.ocx
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F5298B1715C5748BCD685EBB9D5FF1
00000000000000000000000000000000
C:\Program Files\C3 SoftWorks\Click\Reply2005.ocx
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1497EA323E08F745A52566D0B057B06
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\C3_icon.ico
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B555F09471F6D8409E415646B31BA5F
B9969973359E5AF4799AFF517B7AFFB0
02:\Software\Caphyon\Advanced Installer\LZMA\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}\1.22\AI_ExePath
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25710C1B9EDEA5346A0A14740453A29C
B9969973359E5AF4799AFF517B7AFFB0
02:\Software\C3 SoftWorks\ocx_registered
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25710C1B9EDEA5346A0A14740453A29C
00000000000000000000000000000000
02:\Software\C3 SoftWorks\ocx_registered
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33BB6656DEE55054C9A55D1013A2FE78
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\response_drivers.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63DA765B0DCCCB144A6969C51C4311BC
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftbusui.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\58C21F9294A4F4941A355E70764CCB1D
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftcserco.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6A6FC91D12DF464D9C99FD42DBA571F
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftd2xx.lib
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C16CA16D89166AE4C9D57CDF17AFE6DB
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftd2xx64.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09DD2327CFDA1246884808061A56E5E
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftlang.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2774433FF47AF54A982C508C6BD3C96
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftserui2.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F570C3A143874AA4FB71079D0763C55B
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\CDM 2 04 16 Release Info.doc
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBCE871BA890004B9793DEE81BE7E43
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftbusui.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B20B208BF2F55A4692053F9F0A14540
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftcserco.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23156AEDAA6854B4380D5A5BAFB546A6
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftd2xx.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C098289260F5FB947BE204FD8CB89576
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftd2xx.lib
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E391B71A779C3DB40B8B1C8B7430D93B
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftlang.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4E1D3474C9F4E3A4BB76B4BA28C9138F
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftserui2.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\964E9368C4BC3AD4390691180C527F2E
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\help\images\1.jpg
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB57BDA058F313542B9CB3782D63C8D3
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\help\index.html
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A37DBC2C0E372B84A970C1B762EC7047
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\deviceservices.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07F123BBB5E6A8C4B92C7563B73FE831
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\IKVM.GNU.Classpath.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1754752FC0F738D4991576E0E5C18E19
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\IKVM.Runtime.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FE69B665BDAA1E438ACA3510FD0520E
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\InputSerializer.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AF98008AE26F474591B02DF57DA1796
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\C3.Controllers.iClicker.xml
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\463154843F850DB4A88B443D4D90C4D8
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\ClickerBaseCommunication.dll
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F647E93E3EE72E444A632D14B713CAC0
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\InputSerializer.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CDA26644E9099C4E8FD5C686A34992E
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_tt\PollingSupport.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A226D6A0A9FA7254984C98B4B78BB34F
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_tt\inputSerializer.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCBC019A6BD28DE4096D0E6E512E9F73
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_tt\response_card_sdk.log
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F224F1BFE4296E429D9AD7555062628
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.application
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4505AFD04B24AE34C910225B0730D657
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.vshost.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98E31477D0A876E4482DDCCF342DFCD3
B9969973359E5AF4799AFF517B7AFFB0
C:\Program Files\C3 SoftWorks\Click\drivers_tt\PollingSupport_RRRF-01.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C3 SoftWorks\Click\
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C3 SoftWorks\
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\drivers\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\drivers\i386\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\help\images\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\help\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\C3 SoftWorks\Click\drivers_tt\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Caphyon\Advanced Installer\LZMA\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}\1.22
AI_ExePath
C:\Users\admin\AppData\Local\Temp\click_install.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\C3 SoftWorks
ocx_registered
true
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
LocalPackage
C:\Windows\Installer\3770b3.msi
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
AuthorizedCDFPrefix
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Comments
This installer database contains the logic and data required to install Click.
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Contact
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
DisplayVersion
1.22
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
HelpLink
www.c3softworks.com
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
HelpTelephone
1-888-333-1969
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
InstallDate
20190813
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
InstallLocation
C:\Program Files\C3 SoftWorks\Click\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
InstallSource
C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
ModifyPath
MsiExec.exe /I{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Publisher
C3 SoftWorks
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Readme
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Size
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
EstimatedSize
32042
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
UninstallString
MsiExec.exe /I{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
URLInfoAbout
www.c3softworks.com
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
URLUpdateInfo
www.c3softworks.com
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
VersionMajor
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
VersionMinor
22
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
WindowsInstaller
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Version
18219008
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
Language
1033
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
AuthorizedCDFPrefix
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Comments
This installer database contains the logic and data required to install Click.
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Contact
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
DisplayVersion
1.22
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
HelpLink
www.c3softworks.com
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
HelpTelephone
1-888-333-1969
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
InstallDate
20190813
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
InstallLocation
C:\Program Files\C3 SoftWorks\Click\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
InstallSource
C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
ModifyPath
MsiExec.exe /I{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Publisher
C3 SoftWorks
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Readme
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Size
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
EstimatedSize
32042
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
UninstallString
MsiExec.exe /I{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
URLInfoAbout
www.c3softworks.com
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
URLUpdateInfo
www.c3softworks.com
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
VersionMajor
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
VersionMinor
22
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
WindowsInstaller
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Version
18219008
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
Language
1033
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\36C591A11FB75994A9579B21D094BC9A
B9969973359E5AF4799AFF517B7AFFB0
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\InstallProperties
DisplayName
Click
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}
DisplayName
Click
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B9969973359E5AF4799AFF517B7AFFB0
MainFeature
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\Features
MainFeature
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9969973359E5AF4799AFF517B7AFFB0\Patches
AllPatches
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
ProductName
Click
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
PackageCode
F7EB1E144B1541F4A93C76FBFB890957
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
Language
1033
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
Version
18219008
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
Assignment
1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
AdvertiseFlags
388
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
ProductIcon
C:\Windows\Installer\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}\C3_icon_click.exe
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
InstanceType
0
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
AuthorizedLUAApp
0
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
DeploymentFlags
2
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\36C591A11FB75994A9579B21D094BC9A
B9969973359E5AF4799AFF517B7AFFB0
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0\SourceList
PackageName
click_install_final.msi
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0\SourceList\Net
1
C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0\SourceList\Media
DiskPrompt
[1]
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0\SourceList\Media
1
Disk1;Disk1
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0
Clients
:
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B9969973359E5AF4799AFF517B7AFFB0\SourceList
LastUsedSource
n;1;C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
115
4080
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
1444
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1444
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
4000000000000000FE0032EAF251D501D406000018040000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
4000000000000000FE0032EAF251D501D406000000060000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
4000000000000000FE0032EAF251D501D4060000A80A0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
4000000000000000FE0032EAF251D501D4060000C40D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
4000000000000000668A3BEAF251D501D406000018040000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
4000000000000000C0EC3DEAF251D501D4060000A80A0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
400000000000000074B142EAF251D501D4060000C40D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
4000000000000000287647EAF251D501D406000000060000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
400000000000000016EFB6F0F251D501D4060000000600000104000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
400000000000000016EFB6F0F251D501D4060000000600000104000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
40000000000000007E78C0F0F251D501D406000000060000E903000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
40000000000000007E78C0F0F251D501D4060000C40D0000E903000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
40000000000000007E78C0F0F251D501D4060000A80A0000E903000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
4000000000000000323DC5F0F251D501D4060000C40D0000E903000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000323DC5F0F251D501D4060000C40D00000100000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
4000000000000000323DC5F0F251D501D4060000A80A0000E903000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000323DC5F0F251D501D4060000A80A00000100000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
4000000000000000323DC5F0F251D501D406000000060000E903000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000323DC5F0F251D501D4060000000600000100000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
40000000000000006AD9E1F0F251D501D406000000060000F903000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
40000000000000006AD9E1F0F251D501D4060000A80A0000F903000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
40000000000000006AD9E1F0F251D501D4060000C40D0000F903000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
40000000000000006AD9E1F0F251D501D406000000060000F903000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
40000000000000006AD9E1F0F251D501D4060000A80A0000F903000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
40000000000000006AD9E1F0F251D501D4060000C40D0000F903000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
40000000000000007800E9F0F251D501D4060000580C00000204000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
400000000000000058715BF1F251D501D4060000580C00000204000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
4000000000000000B2D35DF1F251D501D4060000580C0000EA03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
4000000000000000C0FA64F1F251D501D4060000340B0000EA03000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
4000000000000000C0FA64F1F251D501D4060000600D0000EA03000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
4000000000000000C0FA64F1F251D501D4060000880D0000EA03000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
4000000000000000DC4873F1F251D501D4060000880D0000EA03000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000DC4873F1F251D501D4060000880D00000200000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
400000000000000036AB75F1F251D501D4060000340B0000EA03000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
400000000000000036AB75F1F251D501D4060000340B00000200000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Leave)
400000000000000036AB75F1F251D501D4060000600D0000EA03000000000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
400000000000000036AB75F1F251D501D4060000600D00000200000001000000010000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Leave)
40000000000000008A95A0F1F251D501D4060000580C0000EA03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Enter)
40000000000000008A95A0F1F251D501D4060000580C0000EB03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Enter)
40000000000000008A95A0F1F251D501D4060000580C0000EC03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Enter)
4000000000000000E4F7A2F1F251D501D4060000CC0F0000EB03000001000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
FREEZE (Leave)
4000000000000000E4F7A2F1F251D501D4060000CC0F0000EB03000000000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
4000000000000000E4F7A2F1F251D501D4060000CC0F00000300000001000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Enter)
4000000000000000E4F7A2F1F251D501D4060000480F0000FC03000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_FRONT (Leave)
40000000000000003E5AA5F1F251D501D4060000580C0000EC03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Enter)
40000000000000003E5AA5F1F251D501D4060000580C0000ED03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_BACK (Leave)
4000000000000000F21EAAF1F251D501D4060000580C0000ED03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Enter)
4000000000000000F21EAAF1F251D501D4060000580C0000EE03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Enter)
40000000000000004C81ACF1F251D501D4060000880D0000EB03000001000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
FREEZE (Leave)
40000000000000004C81ACF1F251D501D4060000880D0000EB03000000000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000004C81ACF1F251D501D4060000880D00000300000001000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000004C81ACF1F251D501D4060000E80E0000FC03000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_SYSTEM (Leave)
40000000000000000046B1F1F251D501D4060000580C0000EE03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Enter)
40000000000000000046B1F1F251D501D4060000580C0000F003000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_KTM (Leave)
40000000000000000046B1F1F251D501D4060000580C0000F003000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Enter)
40000000000000000046B1F1F251D501D4060000580C0000EF03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Enter)
40000000000000005AA8B3F1F251D501D4060000CC0F0000EB03000001000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
FREEZE (Leave)
40000000000000000E6DB8F1F251D501D4060000CC0F0000EB03000000000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_THAW (SetCurrentState)
40000000000000000E6DB8F1F251D501D4060000CC0F00000300000001000000020000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE_RM (Leave)
40000000000000000E6DB8F1F251D501D4060000580C0000EF03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Enter)
40000000000000000E6DB8F1F251D501D4060000800E0000FC03000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
FREEZE (Leave)
40000000000000000E6DB8F1F251D501D4060000580C0000EB03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Enter)
40000000000000000E6DB8F1F251D501D4060000580C00000304000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PRECOMMIT (Leave)
40000000000000000E6DB8F1F251D501D4060000580C00000304000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Enter)
40000000000000000E6DB8F1F251D501D4060000580C0000FD03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Enter)
40000000000000000E6DB8F1F251D501D4060000980C0000FD03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
OPEN_VOLUME_HANDLE (Leave)
400000000000000076F6C1F1F251D501D4060000980C0000FD03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
OPEN_VOLUME_HANDLE (Leave)
400000000000000076F6C1F1F251D501D4060000580C0000FD03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Enter)
400000000000000076F6C1F1F251D501D4060000980C0000FE03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000DE7FCBF1F251D501D4060000980C0000FE03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Enter)
4000000000000000DE7FCBF1F251D501D4060000980C0000FF03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace(__?_Volume{e1a82db4-a9f0-11e7-b142-806e6f6e6963}_)
IOCTL_RELEASE (Leave)
4000000000000000DE7FCBF1F251D501D4060000980C0000FF03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Enter)
400000000000000076F6C1F1F251D501D4060000580C0000FE03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_FLUSH_AND_HOLD (Leave)
4000000000000000DE7FCBF1F251D501D4060000580C0000FE03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Enter)
4000000000000000DE7FCBF1F251D501D4060000580C0000FF030000010000000000000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Lovelace
IOCTL_RELEASE (Leave)
4000000000000000DE7FCBF1F251D501D4060000580C0000FF030000000000000000000000000000000000000000000000000000000000000000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Enter)
4000000000000000DE7FCBF1F251D501D4060000A80900000404000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_COMMIT (Leave)
4000000000000000DE7FCBF1F251D501D4060000A80900000404000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Enter)
4000000000000000DE7FCBF1F251D501D4060000580C00000504000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTCOMMIT (Leave)
400000000000000038E2CDF1F251D501D4060000580C00000504000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Enter)
400000000000000038E2CDF1F251D501D4060000580C0000F403000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
400000000000000038E2CDF1F251D501D4060000580C0000F403000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
400000000000000038E2CDF1F251D501D4060000580C0000F203000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000A06BD7F1F251D501D4060000600D0000F203000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000A06BD7F1F251D501D4060000F8030000F203000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000A06BD7F1F251D501D4060000A8030000F203000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000A06BD7F1F251D501D4060000480F0000FC03000000000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000A06BD7F1F251D501D4060000E80E0000FC03000000000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
4000000000000000A06BD7F1F251D501D4060000600D0000F203000000000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
4000000000000000A06BD7F1F251D501D4060000F8030000F203000000000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000A06BD7F1F251D501D4060000800E0000FC03000000000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000A06BD7F1F251D501D4060000600D00000400000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000A06BD7F1F251D501D4060000F80300000400000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
4000000000000000A06BD7F1F251D501D4060000A8030000F203000000000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000A06BD7F1F251D501D4060000A80300000400000001000000030000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
4000000000000000A06BD7F1F251D501D4060000580C0000F203000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
4000000000000000A06BD7F1F251D501D4060000580C00000604000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
40000000000000006A0613F2F251D501D4060000580C00000604000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
40000000000000006A0613F2F251D501D4060000580C0000F503000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
4000000000000000865421F2F251D501D4060000340B0000F503000001000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
4000000000000000865421F2F251D501D4060000F8030000F503000001000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
4000000000000000865421F2F251D501D4060000880D0000F503000001000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
4000000000000000E0B623F2F251D501D4060000340B0000F503000000000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000E0B623F2F251D501D4060000340B00000500000001000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
4000000000000000E0B623F2F251D501D4060000F8030000F503000000000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000E0B623F2F251D501D4060000F80300000500000001000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000AC88B7F2F251D501D4060000880D0000F503000000000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000AC88B7F2F251D501D4060000880D00000500000001000000040000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000AC88B7F2F251D501D4060000580C0000F503000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000AC88B7F2F251D501D4060000580C00000704000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000D6FDCCF2F251D501D4060000580C00000704000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
40000000000000004CAEDDF2F251D501D4060000580C0000FB03000001000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
4000000000000000B437E7F2F251D501D4060000CC0F0000FB03000001000000050000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
4000000000000000B437E7F2F251D501D4060000CC0F0000FB03000000000000050000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
4000000000000000B437E7F2F251D501D4060000A8030000FB03000001000000050000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
4000000000000000B437E7F2F251D501D4060000A8030000FB03000000000000050000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
4000000000000000B437E7F2F251D501D4060000600D0000FB03000001000000050000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
4000000000000000B437E7F2F251D501D4060000600D0000FB03000000000000050000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
1748
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
4000000000000000B437E7F2F251D501D4060000580C0000FB03000000000000000000000000000063D26E1B76D1CC4EBAC90780C193E3240000000000000000
3968
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EF407A9E-045C-4D8E-841D-673C43709E63}\6.0
Reply2005 ActiveX Control
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EF407A9E-045C-4D8E-841D-673C43709E63}\6.0\FLAGS
2
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EF407A9E-045C-4D8E-841D-673C43709E63}\6.0\0\win32
C:\Program Files\C3 SoftWorks\Click\Reply2005.ocx
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EF407A9E-045C-4D8E-841D-673C43709E63}\6.0\HELPDIR
C:\Program Files\C3 SoftWorks\Click\
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A06675D8-8126-4EE5-AC11-0B17B6DB1D5E}
IReplyX
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A06675D8-8126-4EE5-AC11-0B17B6DB1D5E}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A06675D8-8126-4EE5-AC11-0B17B6DB1D5E}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A06675D8-8126-4EE5-AC11-0B17B6DB1D5E}\TypeLib
{EF407A9E-045C-4D8E-841D-673C43709E63}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A06675D8-8126-4EE5-AC11-0B17B6DB1D5E}\TypeLib
Version
6.0
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D801385B-EDC8-4497-8602-2E943CD889DA}
IReplyXEvents
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D801385B-EDC8-4497-8602-2E943CD889DA}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D801385B-EDC8-4497-8602-2E943CD889DA}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D801385B-EDC8-4497-8602-2E943CD889DA}\TypeLib
{EF407A9E-045C-4D8E-841D-673C43709E63}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D801385B-EDC8-4497-8602-2E943CD889DA}\TypeLib
Version
6.0
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}
ReplyX Control
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\InprocServer32
C:\PROGRA~1\C3SOFT~1\Click\REPLY2~1.OCX
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\InprocServer32
ThreadingModel
Apartment
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReplyXControl1.ReplyX
ReplyX Control
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReplyXControl1.ReplyX\Clsid
{69FC1183-7937-4BB1-A1C8-725B778511C9}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\ProgID
ReplyXControl1.ReplyX
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\Version
6.0
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\TypeLib
{EF407A9E-045C-4D8E-841D-673C43709E63}
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\MiscStatus
0
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\MiscStatus\1
131473
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\ToolboxBitmap32
C:\Program Files\C3 SoftWorks\Click\Reply2005.ocx,1
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\Control
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\Verb
2900
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69FC1183-7937-4BB1-A1C8-725B778511C9}\Verb\0
Properties,0,2
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{36B22C8B-BDE6-11E9-9885-5254004A04AF}
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307080002000D001000140009003500
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307080002000D001000140009005400
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
DED9BEFAF251D501
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
0B0BC0FAF251D501
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
360
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3084
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307080002000D001000140009001903
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307080002000D001000140009006A03
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
68
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307080002000D00100014000A001000
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
36
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3084
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
3084
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
3084
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
1716
Click.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1716
Click.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
Click.exe
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1233683714
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASAPI32
EnableFileTracing
0
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASAPI32
EnableConsoleTracing
0
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASAPI32
FileTracingMask
4294901760
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASAPI32
ConsoleTracingMask
4294901760
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASAPI32
MaxFileSize
1048576
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASAPI32
FileDirectory
%windir%\tracing
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASMANCS
EnableFileTracing
0
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASMANCS
EnableConsoleTracing
0
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASMANCS
FileTracingMask
4294901760
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASMANCS
ConsoleTracingMask
4294901760
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASMANCS
MaxFileSize
1048576
1716
Click.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Click_RASMANCS
FileDirectory
%windir%\tracing
1716
Click.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1716
Click.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2212
javaw.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
javaw.exe
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
LanguageList
en-US
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@sendmail.dll,-4
Mail recipient
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\AccessibilityCpl.dll,-10
Ease of Access Center
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\System32\ie4uinit.exe,-737
Internet Explorer (No Add-ons)
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\wucltux.dll,-1
Windows Update
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\ehome\ehres.dll,-100
Windows Media Center
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Program Files\Windows Sidebar\sidebar.exe,-1005
Desktop Gadget Gallery
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1
Windows Anytime Upgrade
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Program Files\DVD Maker\DVDMaker.exe,-61403
Windows DVD Maker
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-114
Windows Fax and Scan
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\XpsRchVw.exe,-102
XPS Viewer
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\displayswitch.exe,-320
Connect to a Projector
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291
Math Input Panel
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\mblctr.exe,-1008
Windows Mobility Center
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\NetProjW.dll,-501
Connect to a Network Projector
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\mstsc.exe,-4000
Remote Desktop Connection
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\SnippingTool.exe,-15051
Snipping Tool
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\SoundRecorder.exe,-100
Sound Recorder
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\SNTSearch.dll,-505
Sticky Notes
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\System32\SyncCenter.dll,-3000
Sync Center
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\OobeFldr.dll,-33056
Getting Started
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555
Windows Speech Recognition
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\dfrgui.exe,-103
Disk Defragmenter
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\wdc.dll,-10030
Resource Monitor
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\msinfo32.exe,-100
System Information
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\rstrui.exe,-100
System Restore
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\migwiz\wet.dll,-591
Windows Easy Transfer Reports
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\migwiz\wet.dll,-588
Windows Easy Transfer
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe,-298
Personalize Handwriting Recognition
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Program Files\Common Files\Microsoft Shared\Ink\TipTsf.dll,-80
Tablet PC Input Panel
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Program Files\Windows Journal\Journal.exe,-3074
Windows Journal
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101
Windows PowerShell ISE
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\comres.dll,-3410
Component Services
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\mycomput.dll,-300
Computer Management
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\odbcint.dll,-1310
Data Sources (ODBC)
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\miguiresource.dll,-101
Event Viewer
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\iscsicpl.dll,-5001
iSCSI Initiator
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\MdSched.exe,-4001
Windows Memory Diagnostic
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\wdc.dll,-10021
Performance Monitor
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\pmcsnap.dll,-700
Print Management
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\wsecedit.dll,-718
Local Security Policy
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\filemgmt.dll,-2204
Services
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\msconfig.exe,-126
System Configuration
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\System32\AuthFWGP.dll,-20
Windows Firewall with Advanced Security
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\gameux.dll,-10082
Games Explorer
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\sdcpl.dll,-101
Backup and Restore
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\recdisc.exe,-2000
Create a System Repair Disc
3664
wscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\73\52C64B7E
@C:\Windows\system32\msra.exe,-100
Windows Remote Assistance

Files activity

Executable files: 45
Suspicious files: 14
Text files: 93
Unknown types: 30

Dropped files

PID
Process
Filename
Type
2144
click_install.exe
C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\click_install_final.msi
executable
MD5: b16201da0c46cbb528bc84796e49dbc9
SHA256: cc8b906e9beddf8997c2983f30380eb233b68398c5b2fc92cc07d80efd13503e
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftdibus.sys
executable
MD5: 82d4bd620f7e27ea268ea0e2f701a7ae
SHA256: 744014a791c07cf3b9387adecb94552d8b6ac523433f7063411198509155f3e9
4080
msiexec.exe
C:\Windows\Installer\3770b3.msi
executable
MD5: b16201da0c46cbb528bc84796e49dbc9
SHA256: cc8b906e9beddf8997c2983f30380eb233b68398c5b2fc92cc07d80efd13503e
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftd2xx64.dll
executable
MD5: a3adc8788f4fa4b52907c86b202afffe
SHA256: 58443c89ab3ee6d65353dcebc7b8527f428c40b9a93d0a4703c530cc95d57c41
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_tt\PollingSupport_RRRF-01.exe
executable
MD5: ad469b736bd23357181acbde270fd580
SHA256: 0ff3562c48b42f5cd0e11aaef86ae4b70fa0b4bbd04c9f7656ec61af3e3a85f3
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftbusui.dll
executable
MD5: 14bad8e06578c1712ff51a5d10f89243
SHA256: 085a23d070814f8b2c441eac4255663d8bc5571925b1952d1cadd1e89e9262ad
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\5.mdd
executable
MD5: 438ab951ae6dd30491e3104a2fa41c06
SHA256: 568e58448f91d3e40550a44c3eb39b217f05b64846bc9232c8f49c255da42cf8
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftcserco.dll
executable
MD5: 095eeb537074cebbc939755c45cc0b4d
SHA256: 7d9a19a324a8b95d98ef405856a56d0c6942107e5dab9d7d03a27db08d7a5d62
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\8.mdd
executable
MD5: 7a0f15d75990d2ec8cf4f27e4f869ce3
SHA256: ab3b111bb61f23a1cdd13bd4883cc6f6615c19997260f3c1a99e3eda4019a2eb
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\response_drivers.exe
executable
MD5: 51fb6b4df226b4ce04edeb397d308f6a
SHA256: ca685412bfb694ddcbe6d20686d5472d793507cbcb90f63d04e5d3a14d1d8748
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftlang.dll
executable
MD5: ef977a5a4ef8a59efbc2c621ba556941
SHA256: 0c21209f357de18ccdb12941e44eaed96e9e5f7a379d5d07ddd01e87f0af5048
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\3.mdd
executable
MD5: 3bdf6eec89aa9ad5747bf2fd8ef97ca7
SHA256: f9dae9ece1066f019b72d68b0852094f0ae2559e288eaee1dab1df0c5bea2ad0
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.vshost.exe
executable
MD5: b4d5137244bb4259a208b815e7c9f7b9
SHA256: 7e2cab589582f46ff463d9dcbc659df25128ce23bd896184f5f6f6233818b249
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\Reply2005.ocx
executable
MD5: ff7b7f70b3915152e2c3b6f41131cdbd
SHA256: ae53c0e9756e5eca310210830f0d7129466b7628cf8746e9964543f89301b6f1
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftser2k.sys
executable
MD5: 1fa21ff2d7b50b528d8b73db34ad06bc
SHA256: 77b670ca00ac56c59307f154608462197ddf9a367701a5c687b4a93afb759554
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\6.mdd
executable
MD5: 57665bf1a0b369bf873652b3674558d7
SHA256: 79b3da63619fd8e4141963996407ffec5bc602d686aee67b2ab4358817ef9f31
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_tt\inputSerializer.exe
executable
MD5: bebd6059ef2ea5c3866168b5d4f0bc3b
SHA256: 470e0ad8f0ba53e8e5fd1d0de6b571204fdff58c63aa814d2794195a8915d8ff
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\Interop.ReplyXControl1.dll
executable
MD5: 4a275856d64b88365a8f30df63e38bb8
SHA256: 7b6bc820ab0fe17d794c916fc1ae03e8556546d35e2a2dfd5c36264c89b8f365
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftserui2.dll
executable
MD5: 34a7d002607651d273cab6b4a16966bd
SHA256: 7519b86d35a40266b5878634e2a24e79ec5f8ba9c30d1e19f5bcda70de92a4cc
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\4.mdd
executable
MD5: 531e313e46a021bccf5a1107bedbc8fc
SHA256: c20f4c514fd93f30f699b1c1daf997c861f52e4b9222232cc44a4f79bc3baca5
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_tt\PollingSupport.exe
executable
MD5: 6c921592924969d8666e9c658093b3ec
SHA256: bf6bd03f6fc07cdf16b445fd4a108814bfb109a81d5a7d4e13f99fb3714101f5
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\InputSerializer.exe
executable
MD5: 6a2e73ef86a6b347a88ed261c51694b5
SHA256: 33ee48b28bd129bc40002e89f34d5f3855d5a2decd846d67728fe3674955050a
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftbusui.dll
executable
MD5: 9427dfe0d3662724ef9857814d9d3d31
SHA256: 530b8a556b9cb94f9834084581fff0720b8b89dfa027d3b5191f2c4a203b963d
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\0.mdd
executable
MD5: 5187f8899a5864676a23d670a70b59d0
SHA256: 576581ba31bffd976c473410c2eee1b6e8cd9430fbd91b10187e3fa980994643
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\InputSerializer.exe
executable
MD5: a8f371985a9938b340eaeb27d7d2b64a
SHA256: 86b15e7e890688148a71395fd7723dc1d75e7c66d00358afd8255c801f924f6f
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\ClickerBaseCommunication.dll
executable
MD5: 8a0b1354aa55da9813df5e42a7e43390
SHA256: 153d8a5fc7e4e6e868c002aabb0721e65af02da813c635fc59ca69488e9f5e6b
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\ClickerBaseCommunication.dll
executable
MD5: 8a0b1354aa55da9813df5e42a7e43390
SHA256: 153d8a5fc7e4e6e868c002aabb0721e65af02da813c635fc59ca69488e9f5e6b
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\1.mdd
executable
MD5: a648fb9a0cc12dc1feb9790422e4a485
SHA256: fd3b80e1ec51752d301e0e72bcadf5f597b5da125d5bbce07a1c8d7151635de6
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\IKVM.Runtime.dll
executable
MD5: 2a0a9d9b1da3c570b51fe80d43710c1d
SHA256: 07323321c56a0d714b09412ffbf6564b5c4f43fda28258b669499b692c934592
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\Click.exe
executable
MD5: 967074f510273f1672a65afd36d97e93
SHA256: 79d2e73af1594d362f3c495bdaa107c12a644e649d6ab927d93ddfdf3e4b8e5a
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\IKVM.GNU.Classpath.dll
executable
MD5: 2ec8f1b5d074bc5c2844478bf62ea4e1
SHA256: 009594eb20075480b108a681dea7ee272b8b143fc09e0b6e8e6fde4271269c67
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\2.mdd
executable
MD5: ced7fe843a51d3a4571a97f0a14f7c6f
SHA256: 297fa21020621d6d884ceb3f80b97a5ff868585a346c20e56a5fc6d1d32ac380
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftser2k.sys
executable
MD5: 23220a4709cc5785f9633ba71416145c
SHA256: 8e9e314efdddb511aae612b5494c09e6a5ea2559b4682c7413aee02dfbde3161
4080
msiexec.exe
C:\Windows\Installer\3770b0.msi
executable
MD5: b16201da0c46cbb528bc84796e49dbc9
SHA256: cc8b906e9beddf8997c2983f30380eb233b68398c5b2fc92cc07d80efd13503e
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftcserco.dll
executable
MD5: d5539f183f59bf8a81889b5b65111ade
SHA256: 29a575c415e90090d9e921d42d5294faa8cda447d4eed59ae63bd74fe3b6df44
2072
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSI9C74.tmp
executable
MD5: ff1591dd7cc76baa17a7b11d8b4908fe
SHA256: 0f73b21436520f5c3854d2d98d13d97626462836e214b0746c2a7f4dc654a09d
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftserui2.dll
executable
MD5: 1b1d0ff44a80315ba86b090b8316a89a
SHA256: 2ae839886e5f3333db2d64296f524c6597b17ad682e9afbf032c0a64966efcfc
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftlang.dll
executable
MD5: 7baecfeaed505c6dfcd9ae2731fec83f
SHA256: a227f19705ca331c727c787746cb2a85527dc05c74e2b84bd1209fbb45e593a0
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftdibus.sys
executable
MD5: 7c17235845d5ae3fb33ead47b5881521
SHA256: ed490a72561507e7c6cac8c218b62ef4cec1eba9d4728fc12ef22fd6695a380e
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\InputSerializer.exe
executable
MD5: e581479e7d882ac3d5e6d31e6e0929c0
SHA256: 39e7720da6111f0065d1a255722b241ed04b20acf50fc989d32ba7957a3ad1a8
2212
javaw.exe
C:\Users\admin\AppData\Local\Temp\hidapi-jni-321045883430289939269.dll
executable
MD5: 6d5bd5bcc0860a646c81720df7d9f8cf
SHA256: 8adcc782c2e62afbc332d78f32985629560950c32a2d00180a3ee791e2cf95cf
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftd2xx.dll
executable
MD5: 00a8f4e6891008ae34a16ebb560ba08d
SHA256: e68dad2bab57aac8a11d4b0dc73d8a6ee478652a98d7e4bc194a67343db50d78
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\7.mdd
executable
MD5: 42f3e68559a8a7faed6d19b73621814a
SHA256: 299a0fec37397bc95effdef889de539ccaa537a1fc91189d5b925317669cb2eb
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\BRAVO!-Click-new-poll.jpg
image
MD5: fe7665f4a20cade4dbaf0662945f89b0
SHA256: d242538bddc7edaeba2c13d017e2e49fee252b6fb308901223b2b7d71c3338e8
2072
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSIA32C.tmp
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DFBDAC7C0B1A282C6C.TMP
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Config.Msi\3770b2.rbs
binary
MD5: 2f2d32eeafb224281dd00ba0f0c99328
SHA256: 256fca2d047b93b87f73d9b10db8add18974b58e5d5e958ff7b4c5e20724fc99
1716
Click.exe
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C3 SoftWorks\Click\Uninstall Click.lnk
lnk
MD5: cc7f9dbe264b7b7afadbfbde77680c70
SHA256: 56fb46f604fd859d709af7481add39232f8d1b377e257238417b02f70aa3da86
4080
msiexec.exe
C:\Users\Public\Desktop\Click.lnk
lnk
MD5: 8792333eeda9523170bd0103271fffa0
SHA256: 5f279d3f9848a204bb84f88f74d110d66c35fb64350c8dcad416fcfc0641a3b0
4080
msiexec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C3 SoftWorks\Click\Click.lnk
lnk
MD5: 034bb515ea6827e4e27256ce962c65ff
SHA256: e6336d0f8cffa2953d3ba6bd292f1d09c9a042b97eb29ac10eae3626d2e9daca
4080
msiexec.exe
C:\Windows\Installer\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}\C3_icon_click.exe
image
MD5: b8f885d0f02ad9ebdddc8474c248f8f8
SHA256: 79b1d6881587c1311d0a290287bada6b070c598d0c6f113ac798d833496501ad
4080
msiexec.exe
C:\Windows\Installer\{3799699B-E953-4FA5-97A9-FF15B7A7FF0B}\SystemFolder_msiexec.exe
image
MD5: 647bb3355f403c398d73cf8be8837fa6
SHA256: 7c4e22d91293bf9ce8683e9dd395315824e36794a612b5a0dae4eecb82d13d53
1716
Click.exe
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
sol
MD5: 76e4661633f52a44ebc7562269412a30
SHA256: 1b8986ad348d7ff94e4638439268323c9647ebe8b855cfb3eac2cde09afffa5f
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\version_num
text
MD5: a0b6088d1b3816cbfcb6fac444185aab
SHA256: 7f1bfb468d99e5451444f5ee3327293b7082b4a81087357ea826ee8ad176d485
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\SampleDotNetClient.vshost.exe.manifest
xml
MD5: 7c7f7bea119cc35c02c9e6972d824d10
SHA256: 1ddeef984b3cbda2d0993730b3007f34be988bed5c3182e12c21f12afd2e03c7
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\SampleDotNetClient.vshost.application
xml
MD5: d6bfe7f02d9adba0b3bca3d8bb2e5222
SHA256: 4a99b40ec76f0b497e23698221b4794a6995688d9c4e3c7bf4d6a6e8228a4eb1
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.vshost.exe.manifest
xml
MD5: 3c5127dbbb318697491186615240ef57
SHA256: ed8756371f561b36d13def90c780b647ac611256ecb401367bb2a4110f5ad032
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.vshost.exe.config
xml
MD5: feb8a12f54cdbca11133449147e40b28
SHA256: b115cf3bc35c222b952386a332bb3b827c6dcb48fa0a12bb3a8ac4e9b334c5f4
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.pdb
pdb
MD5: cdf39ec2b4008ad9a30a77fe54836e8d
SHA256: c6e2ad074fcd0e726cc3f45aaf8765ae0fd384837ab4a4b79bb1c40f25dc9567
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\~swd1.dat
swf
MD5: c28f38b67790e79f1616df46fe6cf242
SHA256: 7a435db192fd6721ee73e9ad45b08cafbe12d15a7aa5df236bb03b3949797c02
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.vshost.application
xml
MD5: addebbcdd0c700c0cfa813cf3bbe061d
SHA256: 1afdc376e179397b4fc19fc55bb3e7091e237d93894fbf4814ffd17f339b34bc
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.exe.manifest
xml
MD5: 67917d589e8e773a4b30b7f5fee6b6c1
SHA256: 8cb3285ef6bf1cae3d9e46cfd42d4d70790f1d0aa62f2a0a8e27fb3e558b249a
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.application
xml
MD5: addebbcdd0c700c0cfa813cf3bbe061d
SHA256: 1afdc376e179397b4fc19fc55bb3e7091e237d93894fbf4814ffd17f339b34bc
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\inputSerializer.exe.config
xml
MD5: feb8a12f54cdbca11133449147e40b28
SHA256: b115cf3bc35c222b952386a332bb3b827c6dcb48fa0a12bb3a8ac4e9b334c5f4
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_tt\response_card_sdk.log
text
MD5: 5841fa3efd80e8549617bf1dff902367
SHA256: d5aa80840f8b0e1b96abbfe2d8a608683ed85207026997710ee50f168485af71
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\replyChannel.ini
text
MD5: 6bb61e3b7bce0931da574d19d1d82c88
SHA256: 1bad6b8cf97131fceab8543e81f7757195fbb1d36b376ee994ad1cf17699c464
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\C3.Controllers.ReplyMini.xml
xml
MD5: e7c923e2b868d75ab5402ee2a058c166
SHA256: 1aeaa8d4442b94658c19247509f574b2d4c58642f7e998bca6d0c5c7b382e958
1716
Click.exe
C:\Users\admin\AppData\Local\Temp\wrd370548.~lk\~swd1.swf
swf
MD5: eeb736d65f89dbabdc5670f801c6d53b
SHA256: 110cc62dfe0d51671099bc36e39f9c07331a1af2cbc1265e6bcf19991268e425
1716
Click.exe
C:\ProgramData\c3\options.xml
xml
MD5: 60f3c1b956066c8123370400e945c268
SHA256: 493104f12f15309a4684422c3d1b712cfb92c48461bac4b01be9256d30bdb720
3084
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 08249dcc70ab1a477750c11c387ff97b
SHA256: 7b7b02dff8ad1e2e9a0e9d4f30e0aa2e0a7f6bf5eea22a1d1bb14842f0c77f45
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\custom_skin_example.png
image
MD5: 2620fb00d5016ce2f846505d3510c847
SHA256: 32bfc8ee978dd44a783edb86c344fa7f7d2b57ae5505a778aa093ff210d77a63
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_iclicker\C3.Controllers.iClicker.xml
xml
MD5: 6ba6639feed362322aa30206dd8dd98c
SHA256: bb2a2167ebe077b3428cc0995300bad0b9bb9c0a222284fa6f9540f17397ebb6
2212
javaw.exe
C:\Users\admin\C3PollingSupport.lock
text
MD5: 2754219e5ba0f1aeb3ba3e02ccd07bf1
SHA256: 7efe1f49c3998486901cd3798d4f2d12ae40a91377660e60c8dec68fcec5eb88
2764
PollingSupport.exe
C:\Users\admin\AppData\Local\Temp\temp0.jar
java
MD5: 7bedb2e434b6d3101d52058e4c6929f4
SHA256: 046b98f874efdbd3f76b50be4d616fb6ff241cdcb146db69fb9c38f488688130
2764
PollingSupport.exe
C:\Users\admin\AppData\Local\Temp\temp1.jar
java
MD5: 86cf28d78ea5ffd10bfc190a6cd70410
SHA256: 1895971812dd97715d0c27877291aa33fd24b49d60d751bb6e5720829b2cb76f
2212
javaw.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: f60ea312f4ebbef978328a2d0e8fb689
SHA256: fab48a6e496779dad2cc08de5fd2068e0717a4a7fb7c5d9bf2d4a5fb89fe48c1
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers_einstruction\deviceservices.dll
odttf
MD5: 0dbe9a2ddaa226e9ca0e3aa16b7bf1e4
SHA256: 8cd51548fe5ec620726bee731833946f6916e1affc895eaf5264481d31e35746
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\bravoclick_CD.jpg
image
MD5: 85588cec5d62349f3b4615b60f86b46a
SHA256: ca07c27fdf61ea5ee56cc76a9205606464dcad0ed526590295e94a078ded5c30
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\index.html
html
MD5: d42f5bb03a6cc90cdbbe0db82b583a37
SHA256: 67d342719503b2a7ba69e9b3ddd1fa649f7c5a5eb53231bf61c658db9645d530
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\menu_pullup.jpg
image
MD5: e8294a7f8034e50d9f52ebfd3017ab9f
SHA256: 83c8d51fe9090e53299f6ee2b2b56090c649316eec1bd8002d3e2b6c8d46beaf
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\mini.jpg
image
MD5: 71acb02187ca928c20fcc85bffd7e463
SHA256: 4288078e99a70dad0dc8d8be54b8fe9f0b0e1c2064377cc1c17d6f54d064246e
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\mini_frontback.jpg
image
MD5: d6f193cbb615122a9646f11e4399ceb8
SHA256: de5944af1c7496ca1a02bafb9fe11b4f27d8a5a17cb31abcd5e89380e54c4a93
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\Click-options.jpg
image
MD5: d898b9de40159fd419cb6e137590b9b2
SHA256: 343c9113a8a2f9b99aaa6de509a9937bc9cc7ae9eacca8755d77c09f67ea7306
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\menuoptions.jpg
image
MD5: e2365b1984a279b436ee581c6eb04cf5
SHA256: 604949a74279b0cb75f0b1994ec16c128903c268da2cd9afcb719fc598cc124d
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\how-many-answers.jpg
image
MD5: c7391d6d2a1d3c396a03c174801c4a7d
SHA256: b5cd33c29045462539fddf68cd516a4176c54eb1d7d02ef2d49dde77151fbe17
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\bravoclicklogo.jpg
image
MD5: 74115eb325e4067d903f02cd96a657bd
SHA256: e0462bc1dbb01eab40f4a427216ab6cffbd8e8706326c95ac080325a7675030a
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\c3eblasttoplogo.gif
image
MD5: 7dca0ef6d120f6989249c6679762e7e7
SHA256: 00056fa952da9fd20d330738daf709f3c098209e6429bb3f3c4fc3135e0d1c1b
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\bravoclickbar.jpg
image
MD5: 2d26852f1625e4b54286778994ee27fc
SHA256: d32032112a55c77bee8dca1b1471a926bfce9a1f873733bfde65c6bd94f401f2
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\Bravo-resutls.jpg
image
MD5: c6029df79992001e154056893d1c9058
SHA256: a4bc1e07d57b909cec620b6b327c1223bb69476f959afe09eb9fbb0cbe7148b4
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\BRAVO!-Interface-1.jpg
image
MD5: eb18f8d7ca53fb8f2b894353f26839be
SHA256: bf1f775e3663019f09577843058d5fce67f58bc842e1dc6888d8bf05642ae55b
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\Bravo-results.jpg
image
MD5: 65792cb5fa407286aebe248d3ceb382b
SHA256: 45c26ace746088ee01093236ae2e4f3e24be7ff5690d06278956376a76b62174
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\BRAVO!-interface2.jpg
image
MD5: 106634acdc5f1e8c7d69a3baac5c2ee0
SHA256: 89ff2fcbe37b4fc4911bc34e770417e741efb9d930fc5a5176532fa5f56c5eb9
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\battery_replacement.jpg
image
MD5: 5f3a5830dc547a113f650428c2d54af1
SHA256: d768f53b204712b17e2d2f0fe3fe73e59e7e7bddc5447e35d978ffef9cd4f5e5
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\BRAVO!-click-initializing.jpg
image
MD5: 0255446c906c0dc588a1bb333a8083b9
SHA256: 6dfa78e72e4b74c70df1081cf50585735e070c95d788aa7820ba8ffb3f7aa679
4080
msiexec.exe
C:\Windows\Installer\3770b1.ipi
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\assignnames.jpg
image
MD5: 84f370d126d1ee0390ea8ef824e4a40f
SHA256: a2901c23e6594a785134aaabe41e351051d1129e033fbeddcbcbb5bc10c6ebed
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\2.jpg
image
MD5: 70153409e29662438b20618f18a849ea
SHA256: 58393650a01220ef21853c63f07e9a2fb626257b260153db95cf133d23643601
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\1.jpg
image
MD5: d0303d4c12ddaac64e3990ead055c161
SHA256: ec50fdb4e26e72d1a9bb3367eb4dcf0ae94c7fab7eeb47c7c6db5524a6e239e1
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\4.jpg
image
MD5: 30f2d2a2ed52b5c2979f0621a7b121ba
SHA256: b3ee1880cf77b0f8b6a2951abd4e2f0247dd5d618e41e44958943966640c791d
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\help\images\3.jpg
image
MD5: b31e4c64778a084c918ff70801c4ec75
SHA256: 0b5f374c175435ea2995e8e1e5e112a964a347f9c2d3c122f1999d44f1771bb6
2212
javaw.exe
C:\Users\admin\C3PollingSupport.lock
text
MD5: 82d552f352ac1494acf9d55c9a058984
SHA256: 51de29e6f0319eacfb25d7f7dba5fdbaf0bee19183e92b12365df0e0a7324501
2212
javaw.exe
C:\Users\admin\AppData\Local\Temp\c3pollingsupportshortcutscript.vbs
text
MD5: 403efcbe5ef1e058fcb66ea198a3b1cb
SHA256: fcafe877abdfff214ea3758c5d73766a463596687a841a61e8a1c4b913df154f
2212
javaw.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: c8366ae350e7019aefc9d1e6e6a498c6
SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
3664
wscript.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\PollingSupport.lnk
lnk
MD5: b84c422bb23d1e43582dcdcfdbe4c907
SHA256: 0dacfb736fc78daf86b203c2fd34afcc4c2ee4e894a0863cb597e83e4ebe550f
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\i386\ftd2xx.lib
obj
MD5: 0477573b89bad0dd5d207b4229f2eaeb
SHA256: d46d12b7ca7799202575e89fac31d07d735a0a7f1750daffbb42011d42337af4
2212
javaw.exe
C:\Users\admin\C3PollingSupport.lock
text
MD5: f12f97069b067d8f875e5b384e32ea78
SHA256: 96400ab5f1e0598f412317c14c9ccc041031c9b1bcd1f36d051c74936ddc9e5b
360
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
360
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\ftdiport.inf
binary
MD5: 273405d922f10b578b6f882795524b15
SHA256: 93f291bcb48855bcf32d4e7b40bff7584067b5aa522350e38a644b7cf3a045c3
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\ftdiport.cat
cat
MD5: 248d025b987ba9f8dd8f6088d55ba34f
SHA256: b04a0e08791e61e005e9a55e13e6f0be5b417ce3b9e4da6c667f4d3cc0787bbd
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\ftdibus.inf
binary
MD5: 9cb69d51d7ca54c49ed02c20464fe832
SHA256: 147a593046e11ce839599c881d47b55b5d66d52a7a8788de2fb9c062caf01e3f
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\ftdibus.cat
cat
MD5: 469224422e9d93a81195a5285f96332b
SHA256: 9db85ad31c44f4e07651205348262f69f8db07d6b4be3c0b505411c211d807db
360
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\CDM 2 04 16 Release Info.doc
document
MD5: 85694542480a9a8a4aca97b2a2bfc8c6
SHA256: b54c10bd1dbd06819c47f703d46c9c483fb46a8279afd744a597075785599c52
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\ftd2xx.h
text
MD5: 3b584f7365b32f928c1a8924d0e1b402
SHA256: c1e81b4b9be73bb1aaf7bbf2d086377c45ea590024417ba0ee60d0f6bb8d46c0
1716
Click.exe
C:\ProgramData\c3\exit
text
MD5: ad80d6c28d0aa8ec8edf7d75f60bdc9f
SHA256: 04204b53b004de5e5b67abb422c0924af28164060821acbecd0e3fe3dea3186d
2212
javaw.exe
C:\Users\admin\C3PollingSupport.lock
text
MD5: 039853310ecef0fe742d3522883b19c8
SHA256: 7daa35592afca306de737865f63ed9c799438e49a6864cf72b37ac6a2b2c6a43
360
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFD3D76843090A4164.TMP
––
MD5:  ––
SHA256:  ––
360
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF668429612504EA54.TMP
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\drivers\amd64\ftd2xx.lib
obj
MD5: 887417040483343eead96a40c349094e
SHA256: 0cdadbc533243e82f75fd799f6a388c1e42a2a9b5097bee8a0f63146047739fd
360
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{4D7E36B9-BDE6-11E9-9885-5254004A04AF}.dat
binary
MD5: 31ae98efa3162bb09496d2919077b167
SHA256: b3a4776374471771c29eff1be9e495585e401a365290f6ed9e7ebd41011bf251
360
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4D7E36B8-BDE6-11E9-9885-5254004A04AF}.dat
binary
MD5: 229805cf2df18a6b22dd85788b9e0b1c
SHA256: 074c8aaef43adc316279450ca9ae31bf82bb17c98628737572f4430c0c232f9a
360
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF3B7BF9E4DAC572E8.TMP
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\options.xml
xml
MD5: 60f3c1b956066c8123370400e945c268
SHA256: 493104f12f15309a4684422c3d1b712cfb92c48461bac4b01be9256d30bdb720
360
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{36B22C8C-BDE6-11E9-9885-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
3084
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 58135712403cbe779c2e2d28fda70b28
SHA256: 7064c816716ee936b706bdf541717b152e2529385848721e39695befe704d665
360
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QFE70X3ALV7QE2YCE3OD.temp
––
MD5:  ––
SHA256:  ––
360
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF1D6330437A751CDC.TMP
––
MD5:  ––
SHA256:  ––
360
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{36B22C8B-BDE6-11E9-9885-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Program Files\C3 SoftWorks\Click\C3_icon.ico
image
MD5: b8f885d0f02ad9ebdddc8474c248f8f8
SHA256: 79b1d6881587c1311d0a290287bada6b070c598d0c6f113ac798d833496501ad
1748
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\Windows\Installer\MSI75D0.tmp
binary
MD5: 8f3b192a04954561256221f7a58b08cc
SHA256: 6d11f9c2acb829c1033c6b8f60afca903a608369960e97b0995f9f7262a5dd01
4080
msiexec.exe
C:\Windows\Installer\3770b1.ipi
binary
MD5: b55329b14ef254f5e517ed8ceefa6aed
SHA256: c5501391023b52cfcdc0b9a257a0f142fec95fe35b82bbf9cd612a26d4265306
4080
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF8C10FC92FA0F3EE8.TMP
––
MD5:  ––
SHA256:  ––
360
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
binary
MD5: 46edd791365c230d91143348e8711c5f
SHA256: a746fafae6254626057445cd1070c13fbd7af86f7e4e74b4ca2e7a7288bbce2f
3968
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: 33c3fc932d40c8cafb9efb4ed82d3f75
SHA256: 40648636e6ac599dd0ce88f3fd0e14787e9bf0ff8da89f38423fff2ec6c5e321
3968
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: e849f97b496496ff8aa2ddccabcce6e7
SHA256: ef4721a55df99cc29f23ae73ef6a33567ceb6911517267e045452381f4968402
3968
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: d3eec9e5d954d0939fee7e27851abb6d
SHA256: 0fb711ee824b95f8c503f15a48b35702f8d4b1012efce66db1fef4a64605d046
3968
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: 1da8e9c1da42257542108a357fa63908
SHA256: 4385e2847e1b7d34c156ca985ef12b6089ab283b8fa5ea1143fdf8831dd3dc36
3968
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 8f761032829fb6121aee77e26dc667a6
SHA256: f83e1592023b7c8f6c15847f26d30770c0a52e6c7304dba951eea437e2737649
4080
msiexec.exe
C:\System Volume Information\SPP\metadata-2
––
MD5:  ––
SHA256:  ––
4080
msiexec.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{1b6ed263-d176-4ecc-bac9-0780c193e324}_OnDiskSnapshotProp
binary
MD5: 2a88e0e18c8429c676d2d7b080aba722
SHA256: c4733ad762f04262081c5ba09af86cf4d9f0e64ca4878273e9135c01b0abf800
4080
msiexec.exe
C:\System Volume Information\SPP\snapshot-2
binary
MD5: 2a88e0e18c8429c676d2d7b080aba722
SHA256: c4733ad762f04262081c5ba09af86cf4d9f0e64ca4878273e9135c01b0abf800
2072
msiexec.exe
C:\Users\admin\AppData\Local\Temp\MSIFA76.tmp
––
MD5:  ––
SHA256:  ––
2144
click_install.exe
C:\Users\admin\AppData\Roaming\C3 SoftWorksinstall\Click\install\disk1.cab
––
MD5:  ––
SHA256:  ––
360
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms~RF383623.TMP
binary
MD5: 46edd791365c230d91143348e8711c5f
SHA256: a746fafae6254626057445cd1070c13fbd7af86f7e4e74b4ca2e7a7288bbce2f


Network activity

HTTP(S) requests: 1
TCP/UDP connections: 3
DNS requests: 3
Threats: 1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
360 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US image whitelisted


Connections

PID Process IP ASN CN Reputation
360 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
1716 Click.exe 162.242.144.107:80 Rackspace Ltd. US suspicious
1716 Click.exe 162.242.144.107:443 Rackspace Ltd. US suspicious

DNS requests

Domain IP Reputation
www.bing.com 13.107.21.200, 204.79.197.200 whitelisted
virtual.c3softworks.com 162.242.144.107 suspicious

Threats

PID Process Class Message
1716 Click.exe Potential Corporate Privacy Violation ET POLICY Outdated Flash Version M1

Debug output strings

Process Message
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0
Click.exe size = 0