General Info

File name

WindowsUpdateAgent30-x86.exe

Full analysis
https://app.any.run/tasks/62303f3f-9181-47af-8237-61c40fa1f71a
Verdict
Malicious activity
Analysis date
9/11/2019, 09:01:34
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

f723820b8656e82958fa7ed854a7eefe

SHA1

50186ec913a4896a92d72e5e5384693bf3a71182

SHA256

b2512e0c2786f72ed41559580261c782a13fb5ea7fe23878873f83ecaeeec25f

SSDEEP

196608:JCYrZoYags7mTwGklC0ZLeTWrDccd4sieKCfO7:JCgZJdHkl7ZJd4sVKJ7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • wusetup.exe (PID: 3596)
Executed via COM
  • DrvInst.exe (PID: 3860)
  • DllHost.exe (PID: 2816)
Searches for installed software
  • DllHost.exe (PID: 2816)
  • wusetup.exe (PID: 3596)
Executed as Windows Service
  • vssvc.exe (PID: 4016)
Executable content was dropped or overwritten
  • WindowsUpdateAgent30-x86.exe (PID: 2200)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 4016)
Dropped object may contain Bitcoin addresses
  • WindowsUpdateAgent30-x86.exe (PID: 2200)

Static information

TRiD
.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (82.5%)
.exe | Win32 Executable MS Visual C++ (generic) (7.3%)
.exe | Win64 Executable (generic) (6.5%)
.dll | Win32 Dynamic Link Library (generic) (1.5%)
.exe | Win32 Executable (generic) (1%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2005:06:28 18:55:01+02:00
PEType:
PE32
LinkerVersion:
7.1
CodeSize:
31232
InitializedDataSize:
72704
UninitializedDataSize:
null
EntryPoint:
0x5a45
OSVersion:
5.2
ImageVersion:
5.2
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
6.2.29.0
ProductVersionNumber:
6.2.29.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Microsoft Corporation
FileDescription:
Self-Extracting Cabinet
FileVersion:
6.2.0029.0 (SRV03_QFE.031113-0918)
InternalName:
SFXCAB.EXE
LegalCopyright:
© Microsoft Corporation. All rights reserved.
OriginalFileName:
SFXCAB.EXE
ProductName:
Microsoft® Windows® Operating System
ProductVersion:
6.2.0029.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
28-Jun-2005 16:55:01
Detected languages
English - United States
Debug artifacts
db
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
28-Jun-2005 16:55:01
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00002000 0x00007982 0x00007A00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.61008
.data 0x0000A000 0x000110D4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.513491
.rsrc 0x0001C000 0x00000988 0x0066CE00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.99967
Resources
1

100

107

Imports
    KERNEL32.dll

    msvcrt.dll

    ADVAPI32.dll

    USER32.dll

    ntdll.dll

    COMCTL32.dll

    SHELL32.dll

Exports

    No exports.

Processes

Total processes
44
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

[Behavior graph image. Nodes: windowsupdateagent30-x86.exe (no specs); windowsupdateagent30-x86.exe; wusetup.exe (no specs); vssvc.exe (no specs); SPPSurrogate (no specs); drvinst.exe (no specs). Edge labels: drop and start; start.]

Process information

PID
3700
CMD
"C:\Users\admin\AppData\Local\Temp\WindowsUpdateAgent30-x86.exe"
Path
C:\Users\admin\AppData\Local\Temp\WindowsUpdateAgent30-x86.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Microsoft Corporation
Description
Self-Extracting Cabinet
Version
6.2.0029.0 (SRV03_QFE.031113-0918)
Modules
Image
c:\users\admin\appdata\local\temp\windowsupdateagent30-x86.exe
c:\systemroot\system32\ntdll.dll

PID
2200
CMD
"C:\Users\admin\AppData\Local\Temp\WindowsUpdateAgent30-x86.exe"
Path
C:\Users\admin\AppData\Local\Temp\WindowsUpdateAgent30-x86.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Self-Extracting Cabinet
Version
6.2.0029.0 (SRV03_QFE.031113-0918)
Modules
Image
c:\users\admin\appdata\local\temp\windowsupdateagent30-x86.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\feclient.dll
c:\95f2a22b31ec5089dcb17509054f\wusetup.exe

PID
3596
CMD
c:\95f2a22b31ec5089dcb17509054f\wusetup.exe
Path
c:\95f2a22b31ec5089dcb17509054f\wusetup.exe
Indicators
No indicators
Parent process
WindowsUpdateAgent30-x86.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Update Setup
Version
7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834)
Modules
Image
c:\95f2a22b31ec5089dcb17509054f\wusetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mpr.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\servicing\cbsapi.dll
c:\windows\system32\riched20.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\sxproxy.dll

PID
4016
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\temp\windowsupdateagent30-x86.exe
c:\windows\system32\cryptnet.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\shell32.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wmsgapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\consent.exe
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\msasn1.dll

PID
2816
CMD
C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path
C:\Windows\system32\DllHost.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
COM Surrogate
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\sxproxy.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3860
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "000005B8" "000002D4"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

Registry activity

Total events
340
Read events
167
Write events
172
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2200
WindowsUpdateAgent30-x86.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\c:\95f2a22b31ec5089dcb17509054f
3596
wusetup.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\SetupInProgress
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
400000000000000084BBD8D46E68D5010C0E0000E00D0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
400000000000000084BBD8D46E68D5010C0E0000E00D0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
24
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000D22D2CD56E68D5010C0E0000E00D0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
4000000000000000D22D2CD56E68D5010C0E0000840C0000E80300000100000000000000000000003883AA308A84294EBE2CCBF77A853ED70000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000560544D56E68D5010C0E0000840C0000E80300000000000000000000000000003883AA308A84294EBE2CCBF77A853ED70000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
40000000000000000ACA48D56E68D5010C0E0000E00D0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
40000000000000000ACA48D56E68D5010C0E0000E00D0000D007000001000000000000000A0100813883AA308A84294EBE2CCBF77A853ED70000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
40000000000000000ACA48D56E68D5010C0E0000E00D0000D507000001000000000000000A010081000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
40000000000000000ACA48D56E68D5010C0E0000E00D0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
4000000000000000A0443FDD6E68D5010C0E0000E00D0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
25
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
84BBD8D46E68D501
3596
wusetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
4000000000000000941938D56E68D501B00F0000380D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
4000000000000000941938D56E68D501B00F000020080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
4000000000000000941938D56E68D501B00F000010090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
4000000000000000941938D56E68D501B00F000018090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
4000000000000000A2403FD56E68D501B00F000010090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
4000000000000000A2403FD56E68D501B00F000020080000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000FCA241D56E68D501B00F0000380D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
4000000000000000560544D56E68D501B00F000018090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
4000000000000000E80363D56E68D501B00F0000380D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
4000000000000000E80363D56E68D501B00F000018090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
4000000000000000E80363D56E68D501B00F000020080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
4000000000000000E80363D56E68D501B00F000010090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
40000000000000009CC867D56E68D501B00F000018090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
4000000000000000508D6CD56E68D501B00F000020080000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000508D6CD56E68D501B00F0000380D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
4000000000000000045271D56E68D501B00F000010090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
4000000000000000A0170EDC6E68D501B00F00001009000001040000010000000000000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
4000000000000000A0170EDC6E68D501B00F00001009000001040000000000000000000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
400000000000000054DC12DC6E68D501B00F0000380D0000E9030000010000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
400000000000000054DC12DC6E68D501B00F000010090000E9030000010000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
400000000000000054DC12DC6E68D501B00F000020080000E9030000010000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
400000000000000008A117DC6E68D501B00F000010090000E9030000000000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000008A117DC6E68D501B00F00001009000001000000010000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
400000000000000062031ADC6E68D501B00F000020080000E9030000000000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000062031ADC6E68D501B00F00002008000001000000010000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
400000000000000062031ADC6E68D501B00F0000380D0000E9030000000000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
400000000000000062031ADC6E68D501B00F0000380D000001000000010000000100000000000000DF90DC5610E8C24B8A62CD3BBF0E43540000000000000000
4016
vssvc.exe
write

Files activity

Executable files
157
Suspicious files
7
Text files
80
Unknown types
25

Dropped files

PID
Process
Filename
Type
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_ar
executable
MD5: 2ea2d35eeb00cf8d89fc167477fc42a5
SHA256: b5accb650bb46dfe356668626d4312264788e40bbcd6f2bd210db11eb8efbc3a
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\da\wusetup.exe.mui
executable
MD5: 4c3f53e4f0ac58e5a2276479b52905b7
SHA256: da5dfdabb0af7032524fd88960cc8d7f337af96dafecd4a648f536942b02cc98
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\it\msxml3r.dll
executable
MD5: 03672518e79206ee57cfb314b07d2fb9
SHA256: 16e363db8c4d475fc71093a8841aaa61e1b01f1ceec7b572707b66474de3e8df
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_sv
executable
MD5: a551930d1372c5f635804ba3cff48662
SHA256: 099dfb7a4c7ecf74e5fcbdad72014ab191d927d538ce2e37f3f736b37103b7e3
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_tr
executable
MD5: c2e338df4aeff095aa8e3ab186dfba37
SHA256: 2428f5072c1461b54a40a6b274215b155ec16ef357502fe81b7b84e13ba74619
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\da\msxml3r.dll
executable
MD5: fbb99ef22db4e5a7113e84726c451a18
SHA256: f98ee40e7bb5a8c8a0d8e5c2139c2668600c77a36b4bc0d8ab9dd0697d52cb1b
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\he\wusetup.exe.mui
executable
MD5: fdb79141bd3ee5ddfb814268ce1a3554
SHA256: 79012f64dfdcef4fcbcc09086d86f271320c56a41b3ecefca24e5932c04735a6
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_ru
executable
MD5: e7fde721eca7afbb17303eaff95cd799
SHA256: 2658148611a1db787eef16fd29b745047346a1b4f87ef740246b53d420bb59fc
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_el
executable
MD5: 2b8590d2224318e6fffe437cf6bc72c3
SHA256: dc7b8b4df2c8862a008116bac7120439a562be1398c72d0e0ba04fd17b6f13ca
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wusetup.exe
executable
MD5: 98490b58355574f9e86364def2ca3413
SHA256: 576db32e52c616ba8ef845025adfd1de882d7b8cbe3d2fd8743f77dec41b950d
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\he\msxml3r.dll
executable
MD5: 859293b895d3bad9ca48ac63f3d39977
SHA256: 7eaa6b3ff1c710445f8db575171d4d6a4d00c1090b6c9826e2c0823ed3f0af9e
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_tr
executable
MD5: d4898022fa33cd07dd1c955bb49e8e4b
SHA256: d3cd5825978d42b92ed0954b9c4198de8220f6e8d918528559ef45fc4f57e6c9
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_cs
executable
MD5: 2901987a78e9a850c50b2f5a13922169
SHA256: 6974b6846cf4f59b226b22469c40417636721533dccac4875a956f9347fff8ff
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuweb.dll
executable
MD5: 033af4ce25b6d871f0de2c982658e049
SHA256: e3112c1c5f2663bb991650a4d047b13ebd3b5305d2eebc5f35fec513d1e091e2
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\hu\msxml3r.dll
executable
MD5: 0d7a49e50e64e06bdaff4bc7126a292e
SHA256: 40235450e3bf47a1fa2bd9bfa309fde8075d7463f4769f814960e5014ae973cc
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_no
executable
MD5: 924d75e8a3ee7c6671d3b60d7aa1c028
SHA256: 4c94e648ff0db99241b1e5fe9f64ba7b874c27da6eae76e88cf8dd3358cdc6d0
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuauclt.exe
executable
MD5: 62bb79160f86cd962f312c68c6239bfd
SHA256: 2fa2506b5c8b4469d2b36c803cceac15e831c3f8a4af065aca72da8f385f24c0
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wups.dll
executable
MD5: 1d326842006c4be77ecd848cf89f01ab
SHA256: d79ebba1184ddf1c0be3781ab8490faf3baca26d2a062a4c9a6debc348f9b827
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\fr\wusetup.exe.mui
executable
MD5: ec42aec322a249232e6d4b4fa1868e37
SHA256: a39009b79fb9ec9ed5ff6da5cacbced6c5ad3dcf3d9180737da02e6bdd531de0
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_zhtw
executable
MD5: c0202b86adf4968ecf417095253a04f0
SHA256: cacd07039f3708ca895593b0e138676fa82a73909d4efc364dbaca7f6336d9b1
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_en
executable
MD5: b63d7016211f2323bb5b4ff1f8cb1cf6
SHA256: 8a3f6b2698926b51bb02fcf873e08355c4380d331cb32c47842210dbc52ae0db
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_zhcn
executable
MD5: 2474c9604ffedfb9e73d357a92106628
SHA256: 45ae212d37f62574659472a6983a3e7a5f82b0a806062c276fb4e6e5455ae8eb
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\it\wusetup.exe.mui
executable
MD5: db7e81b1321df0978f8591d8e287fdb1
SHA256: 6f6647d37464f5ec9fe7fe74f7805a8a6c2c874c3f04dc51579ed91ff7ff92bc
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_zhcn
executable
MD5: 33b98df1c9db760d33842a7af27451e1
SHA256: a0ea78a76dcc4ae4a2c2159ec2f928cc96a5ee45edfe5a91dd16e25627c59398
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_hu
executable
MD5: c3b4ba2f61ec175253932f85902ddcf8
SHA256: 377ccc99f7c638c3f899fcfcaffabd2ef64a4c1b9c91602b63dbe69f8b6b2921
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_tr
executable
MD5: 773fbe039720462412fa382467e7be59
SHA256: 9f393466767f7b6fa544b720c149997a52c02dea1ce7314c8c1c1003dec744c7
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\nl\wusetup.exe.mui
executable
MD5: b41e8f55d6bf30ccb3d28a79c8239335
SHA256: 62066901fff646ac8de240b280955b7223d03420f33202829ed773cf81150dda
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_ptbr
executable
MD5: 94fd7134a543e46f8b857dc981d912ec
SHA256: 4681842a9700cf0b4b3110d73c6e1bf6ca6ac34f1897e4e408cd16a61e05c166
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_ptbr
executable
MD5: fe54072148316e51a939bc66533122ef
SHA256: daea45bc2fd89a6debcd22e7658e8b07cc61dd31ae187eae6d26c2723df14578
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_sv
executable
MD5: 7d4e35334b31a4af47bff2f6bd7049d6
SHA256: 9a455c20ee44fe285d330635e689985e430f46de8b099fd8009ffcbe4542578b
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ko\msxml3r.dll
executable
MD5: 73772caaeeeee0a057d4c9e861a2eb0a
SHA256: 55973f9c2ee321c21e9a6adfc9248ca497ae219fe0dd4ed787ae3bf8d18b69c2
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_da
executable
MD5: e245850a1d9411ff72f0f946fd80a4e0
SHA256: 5bccff5232bfc962de30262adbb5db1f3b59b2c00ca94d9f61a31f0fb8910a01
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_ar
executable
MD5: fcd9f6a1575f561175763cf5baddc68b
SHA256: 57d7e569464ffefdf9baad3f90fee6f29caa648eb1513a72ca1c87e8c8a4e35f
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wups2.dll
executable
MD5: 5bd1234e11b39c63bba87022af6d43c2
SHA256: 4306b6f88bb42cdacb6bf691b94dd4e621ee856d4a5d3a95499bcc951686d626
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\nl\msxml3r.dll
executable
MD5: 8b098f9a1c8de260ff141da237ef15d7
SHA256: 51b0fa31c7e6d24b4a199a13ed7625e391fa56cb54da7954a0e78d43af4c75e1
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_ar
executable
MD5: 7718037a23ef0305fde20c954029a963
SHA256: 1ae61021d3e047416b7da9302ae03f5a3215d0b11520f142ff9c05a6c1ba41b7
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_es
executable
MD5: 6a9198c1916ce4fd1dc4ac06832a955b
SHA256: 16fe1153a2fba562ec7ffdec9b9f61a2a9089ce9bfe56ad0b3545b598274368b
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_zhtw
executable
MD5: 19aa01048be4316ce068f2faf26c20dd
SHA256: 37909fb992521e6ccf1ad947f0019dc3fd1b52239246cbbdd8fe94e73af12654
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ja\wusetup.exe.mui
executable
MD5: 844ada518d96a90cf603bd2bdd516903
SHA256: d1dea6af61d7ff79605416bead7cd89764b1bc6bebf5f4e1a898372877ee1beb
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_cs
executable
MD5: c3718b449f0300d68cc0a7c94c15e08c
SHA256: 58655d77ceeea5e2cfa372c80f4f41eab659ca665558037a56cb2b33a54a8f6d
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_pl
executable
MD5: e41af7078955fe69bd992d62a8b539be
SHA256: 79ef15f750d97f6563f38069244afc4f0565979da0230304d1ddde0c0505c91c
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_hu
executable
MD5: aa7e99da3ecec7dfb425f094cb0b9f4e
SHA256: 832e12520557356f6ee8e039bd51025a40a8e1d47c27cd92dc22b89db65ad440
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ko\wusetup.exe.mui
executable
MD5: 6842049fe623b8304742253f32eee92c
SHA256: 639902c9c627e20eea44a1845c1253c3d54e25ca77af2a2059810af7ec071732
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll
executable
MD5: 6298277b73c77fa99106b271a7525163
SHA256: 9e076697f025167b57d8d66ed0862b184d70324e058bfa36e42d0c6728720b31
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_pt
executable
MD5: 94e2e51d50b7b457b4e000329646128d
SHA256: 35bc2ad0b1a97987dbc31bc16a938dd9e03c3ac9cc6ac2ad87edabc05d50909c
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_ptbr
executable
MD5: e5561380871891a4c6c88eb1a60d30d7
SHA256: 638dbfad77070806d14fb53120766a580cc9a9f5b41362805fa20d1f4dc03afd
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ja\msxml3r.dll
executable
MD5: 28062f5e4bdca6f0947ee8a3b2252eec
SHA256: c72f3196f449be09fa23f5c6d1abe8a6e814e17684ca9eddd96de08326f12c8c
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_he
executable
MD5: f83595a64c6eefbdb5b547335dd383a6
SHA256: 9d76546693caf7793aa63a89bc56228a87242bc4cfd8691f23df34357d006448
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_ru
executable
MD5: f9ed425eb81957b7be866c8604ff462b
SHA256: 2e24e44df1f129481ca37028be274835991089e5f45c4e8e86a612878b1ff7a2
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_ru
executable
MD5: 8e0111ea5dea70110940e46aeb3d2e6e
SHA256: 24ce656eb384761efef4c6d25a81ada3207241b818fd27e06395b06b77a81356
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\no\wusetup.exe.mui
executable
MD5: 4f7a15f256cd3cbfede5c1087105f8d8
SHA256: d6d013da9cc2500f32481191b3c4bf7e927c0bb095c9d916ff158036e15e6366
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_pt
executable
MD5: fc2c7332d6a7b89009d82cf822e6ee03
SHA256: 25ea21f8a3b656a6b94d5225572d9b5fc20c0b024949b599f77c55413fd6e6b6
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_de
executable
MD5: 5ce0c6bd83aff5604254840d9a109ebc
SHA256: d752c3a68ad1d59a8eee0ea526e11cf2764f362eb168f90768eb5ccbad9b2767
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_fr
executable
MD5: d00c80b228838df9e2a38bf38039e682
SHA256: c82262ef22eedf54c0f48d2bef18409017d6474d7db884c8374f17dcfa77ba58
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\pt\wusetup.exe.mui
executable
MD5: 8f3882bd91bc8633ead6380624ea8493
SHA256: ccf787a8f1cbe01657d933b8540d8bcc1a03fee59a22f150ab92ebd85d9fadc2
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_fi
executable
MD5: d8067f01790eba49c4ca36583a2e26d4
SHA256: 5a68c12c52887a06d4189a465c2ba127ce29fac8a315a166a062e6c85e596f16
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_no
executable
MD5: 223cd969a9531512ef4ac7edc71dd95f
SHA256: 54dda898bab3f164aa0c07fd311691c53157ee7b7308d627cb1904b6c599d265
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_he
executable
MD5: b199e2b9dcd3f5d3d0f30f5ce1519d98
SHA256: b9f9ba6bcf2599c9c46a6cab90ff49e706f1241b7dc01b14b5c820f115c6cbb9
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\pl\msxml3r.dll
executable
MD5: 99b519a35de2380d20eee16e7a8bd9fb
SHA256: 7025bed24a6428f3e9758760c04cdecca599bac0f570a3fb64b5e77b06cd838d
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_es
executable
MD5: 3ce09d1ad0dcefb3ae22a1afe117156f
SHA256: e25f19caeb6e016cd2988f7045049001e25b7732e975c9154e7629131f7f43fb
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_he
executable
MD5: 010ba2dff88b257355d7f4a90210bc54
SHA256: 674a6c2b8d903f5587e93a542ca2ed7ce691c73865225b92957da4eae3f56e25
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_ja
executable
MD5: 6392235cbf492bff4f4704d8bc59be09
SHA256: c9d4f16a0ba301dde9ebf0aa26d830e106026e8add21a1f5b73eac6beb6a889a
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ptbr\msxml3r.dll
executable
MD5: 45c504fdf96879f70747b56d395ba652
SHA256: 2fc21a9168361fc6771a3d1918dca3341d48af20979a6f27f0316854e4ede2a7
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_nl
executable
MD5: 6ac4100da68ac735ca4a15b42a30905d
SHA256: 390304207540e2d85efefc8182c824165c86ca8a062c55de074ed135065bfd38
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_it
executable
MD5: ed704918b8060b4d565dd20ae0e27829
SHA256: 6166c55a4c8935d2de86ab448fee6cb8d749f726b0800833f5788c750a593425
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_no
executable
MD5: f1303fa449536512536c4e0d9d87d74a
SHA256: 8a512a3d13335b78e01040e8bd24a00ddeca55262ce4643388592751c9249ff3
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\no\msxml3r.dll
executable
MD5: 553bbaa9861a6c27da6c19f95486c3ce
SHA256: c4ce4c30871a8b14d4fe64ee4d0a013bf4f31ee1aaaf06e9f0bbce1f244d6ad2
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_ja
executable
MD5: b4709492ecce614c5eb38d1d9358a54f
SHA256: 1b188f7330a9bd88e260596e3cd171a002f08a4b4d5d861ebd90e55b6810a2ec
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_ko
executable
MD5: 4af16dd006abad28477d0716ea080743
SHA256: cd8a5d3e223571d1e2b2d7e3a1e04f5f1cf4ed7133419cae459d6217bf40e2b5
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_nl
executable
MD5: edb121bc9b220209a3a2e151a4cb9fc8
SHA256: 4a58459142e01fe874a986b82240c6c97ebb600b01e67e5a7f0510651517687d
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\pl\wusetup.exe.mui
executable
MD5: a86c80ff1d79c6d5cc0ebfeb6db7a6de
SHA256: dbf95c2dad132fd93a526004e6d99754d72a54c639688fb32af680eb76dc22a7
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_it
executable
MD5: 75606b4011da11d377637f0c73416fc4
SHA256: 71ab840a5c3689d2fef8ff4eee0827ba409bae606f433c12044b6debc3dfe794
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_ja
executable
MD5: ed949724f55b276b2d7b52735d39e73f
SHA256: 4e49d66d6eaf2b2b92cf0a5d123e94fec57eaf9a20776b8774f97827007baef7
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_pt
executable
MD5: 427104c5b57d8a21ef09107e6b682855
SHA256: b6dd8c02763518590ce7d641e33bc1fca7ba3690255a52af200993f38cf3ba5f
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ptbr\wusetup.exe.mui
executable
MD5: dc42b8fa091dc9fb450215343d501fba
SHA256: 41ab85452d0cb9ef330dca50be6836cb1b1580bf95afa194efc33897a3216c1f
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_en
executable
MD5: 8b62dc7855287089dbe9ab25cfb50431
SHA256: 6b03df6762203adb1d7c634bfa88844302ca22b823e76ecd81aff3bb35e9eade
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_en
executable
MD5: 52cf3b23095c47043fc060d9f1a74d2e
SHA256: d33206182504c9afc64b7a7f3cd0574e3c1f79361d0e459527fa4f788f666401
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_pl
executable
MD5: d85f2bce4d2308556b88f7d20989c239
SHA256: 03f588742a3da94f9f107909a29f43a5d0a526eda3bca02f528a600ab618e2a0
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\pt\msxml3r.dll
executable
MD5: d9984436ce76a1ca8016f53b6e9a56db
SHA256: 1cb15bff9ef1c0c9f246cce0b1c6d1b7e8028eaf7b0615704613794b3644a154
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_hu
executable
MD5: 4f7613656173a3075b664d254bcb155a
SHA256: af397d0393f4c7a9129a4b255476f65111cb8f34b9d2404935806b74d9bf82c5
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_nl
executable
MD5: 7442fb33405e9b4e4967ce8f97129521
SHA256: 239077eecce3bd805a87acfbaeaa4f5c1f74c224e81ed40d638e90f244144bea
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_ko
executable
MD5: 633b6523abeddebef405dd809083d1ce
SHA256: e2f83dc062683461e74403a389b631b167838d6ec4e09a432b232d3260925b8b
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\zhcn\wusetup.exe.mui
executable
MD5: 19e974645b0114aa0f837a402b997e5c
SHA256: 933c89f1cd699b9ad10d46c611b693265d851b74f43796884e9260b1bfd077bb
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_el
executable
MD5: b0f5d10bc648937f8abf4008ef8b3f3d
SHA256: aa03228920ae8526f1b009c428fa7eed775f4995460b5a5ed576aeccf06baacf
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_sv
executable
MD5: b2e2797120a0ea6efa860163ab8b414e
SHA256: bbd6ad09ab6101a00f42fd1cd2a85807538e7de52c48d293ac3760dca47fe705
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_fi
executable
MD5: 6838f2228d6b50e326d2f9ee55f61c39
SHA256: 6fc6ebda3bf705ba07eaf1019b29f446d4f4415d1afd9377ac625b1cdb1eb18b
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\tr\wusetup.exe.mui
executable
MD5: 65b4a2b165d7c0a629595b5bf7712abf
SHA256: 113bf5682e47d57c959955796ba5484e67ff4dcac32d5d3dca9816bfd6d6b936
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_no
executable
MD5: c6a80592e317fbfc75dfd2353d798f32
SHA256: 916f3090b419b9b3bd766f30ae7d4d4b4eed3a4116d1c01201239bc9f9821069
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_fr
executable
MD5: 813c46354d3771e829b5350611b3f2de
SHA256: b0acd1e2968f84d2128bae0cb304b0d4fa92bd45e98f8c64cf5eba0aa5523ecc
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_da
executable
MD5: 0006827e4684d6dfb6c00e6ec440e3fa
SHA256: cf9f7be1e179d9871d8fd76aa95383676837a31598d8333392fe0dbd829b5031
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\sv\wusetup.exe.mui
executable
MD5: bb647f7d846f3aab51b59a75d843268c
SHA256: 65ab3574676e8b40d37b85e21071bd3ad50d72d82b87d4aa864d2fb44e217b72
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_ru
executable
MD5: ebfd9c35702edf64907fb0b3c7a32862
SHA256: e04c176cd0d71a722c0227e73fb349345270dcb55b546757acd65246d3345266
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_fi
executable
MD5: 7566307c21a344fddbb52b407a5d410f
SHA256: d428743c5e7258b60903a1ac27962d8fca4f3e8d2391f5a36bf49664b6848670
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_cs
executable
MD5: 6be627a8b79e8202f2e46aefc8adf6c9
SHA256: c0d5ed0ab05f39ed4f37e70b740069a84e4a78b22963d474ed117f3e66d4de42
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\tr\msxml3r.dll
executable
MD5: 85c7cee6878fedae559eb30c9808f2ef
SHA256: c69126ecf63bd9f3dc10ece4387c3dbe6f6f552ea7f113666137d2b28de5d3d7
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_fr
executable
MD5: 37a2f64e1415e71d5df51e567cfa3221
SHA256: 06ba20a349d96702b3683ffd9beead3f70e689885f695154e66a9344d51d6751
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_de
executable
MD5: 4d8e7e2aab4dc36e3c4e91e4cd5f020f
SHA256: 49f4698bb700b07f351f5a9ef89aeececc93077d5cfb5ae7fd72f4307f69eb18
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_es
executable
MD5: a0af00ad1991381d62dc5f1a53097ed0
SHA256: d90fec08cf824301c007583cce63ca0b3cf66cb12a44fb7840360d19497e1911
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\sv\msxml3r.dll
executable
MD5: ce9666fdd059654ae4740fcdd1b4a16b
SHA256: ba41208cd4577b82b3a7a54732f9358bba312c548a75a5a09ebd4196636567f4
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_ptbr
executable
MD5: 1bcec62b129a6e0bab042a5387da6319
SHA256: aadf417aa437ad32e5c5843a1e5093b0dab41e4b9e21719b26b4d0ab658877eb
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_da
executable
MD5: 966ca3c3f82c2250c8013b30fd9c343c
SHA256: e4f08b0bd61f7040b3626118bd577a96f9351ac71edd4865f940f4a9d21be149
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_el
executable
MD5: 6dbaf9a370444bd65ffe8d60bd248459
SHA256: 54b90490faeb84087ea73203e93f0d01e7576460178d787abd9a1485c00198ec
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ru\wusetup.exe.mui
executable
MD5: 11759e4a2dae643f6dc127649b095464
SHA256: 75c26cc3558199d32bf786cff8045d88e8d1fec1621bf8fb31c5cac1e7a007e9
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_ko
executable
MD5: a541838a4006ccece7e0997e24c8d824
SHA256: fb08ff79a768782716ed0b208695926b056c3842e18fb6de7a5a7bf508e242b8
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_cs
executable
MD5: 5bf1513cbbc13bec47aac5ddf4a69fdc
SHA256: 5f39e907fc7b29db086cf5b33df23ced1410f1104e904b1d98635a875e826db6
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_en
executable
MD5: c2a03905ae2dade0fa91ff0c26a6421c
SHA256: 298a1fded22759e2552d428da1c467b08702b157942b1a1d91bce76b10f8f517
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\ru\msxml3r.dll
executable
MD5: 0d59e8b72db7455db9cadb56fddaeec2
SHA256: 4707390fa30733d9bf95846809cdc92d155b28dd1c655afe4634d4377e89ff72
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_pl
executable
MD5: 6f26cd930d33755003e4a812878d987d
SHA256: 11049c999a6934f8b96dd3e693d3270e49e7ab77450be199808c002c1091d724
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\winhttp.dll
executable
MD5: d9cccbca7dbfb45d91fcb6faf3b9ac08
SHA256: 4e0c219b0a0c7399fbd3c0728340becf159b97035d4da17be1e5829a093b027c
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_de
executable
MD5: 5e2a96635f0f6c4ce7303fd1fbead4cc
SHA256: ef15a409bbb0729777d69798dc7ab047a09f030cdced4e77c2b45b0355effe0f
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\zhcn\msxml3r.dll
executable
MD5: 7010d89b083c6e252ad781793daa5cbb
SHA256: 30f80d16e911417e961fd6c2a5b3f3ad552831dfdb2f1ba97c325cfc048b8b76
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_zhcn
executable
MD5: 314072d24f14baea13e246cca9ce08db
SHA256: cc91f650759b42180326f143620dae0c86f89ce3384f572955fe405f727eb80e
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\msxml3.dll
executable
MD5: e7a3fcb568797785750308dd6db2bdc0
SHA256: e56faac4ea3c7c392fde178851599ee4df244b0af743f8d2239eb093704afa71
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_sv
executable
MD5: 0624a76da158b8999d1c67a04741c8ed
SHA256: 7950dc8e7e8d3e0bfe25c93447884f23b6b36abcd50cf2cc8a089df318be1074
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\zhtw\wusetup.exe.mui
executable
MD5: c39fc76df38448aa262263485278a0be
SHA256: d59ee4da36830a8c7cdd3e838d9c8991290e229d84f0745f5ced064f9c68cbdd
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_zhtw
executable
MD5: 197a2708bb370b2cf12f2b5b61002aa5
SHA256: 496621f4224a21a2ec98a1faaa35402ebbf026668a19888d99cc47767ea9fd0b
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll
executable
MD5: 009758cc06b7f55b4a4d16a66e243c24
SHA256: b3993d09584736b0fa80839450b1a4f46c6c8fe393ce25ecb0b51ee9545b5e55
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuauserv.dll
executable
MD5: 02e4055488047729b333f99d93877038
SHA256: de0c57ae8b828537b57d9eadedee3aaebe5484a6c5a3fbe827f80987cdc0c5b2
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\zhtw\msxml3r.dll
executable
MD5: c8e8f0df2fe68dacdf303e4c15e7df58
SHA256: 7e87f2a52ab1bb217f41aedc1b5058b14352499584960ff2af43f9481439ce90
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll.mui_ar
executable
MD5: 958ea4ab9b636e83283c15fe81492acf
SHA256: 098b5b5c5d9fd988e84fcb9237a20c35d6deca80153b52416a6de0f832826636
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\cdm.dll
executable
MD5: 5627047f35ea56a7ed8e513434b45d6c
SHA256: 1a055c9d9c99da731ac2f4aaba13b28abd1cc6e45196fb52298b6164d907a9bd
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wucltui.dll
executable
MD5: 39aa47a1acbb6a92bf875b535eeaf911
SHA256: f3c9c563ce26b9973689d154024a1b7bfbddf6376bd3e0ae49b77d68741c7a0c
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaueng.dll.mui_tr
executable
MD5: 2dd3680bf95f7cfe64dd4b9e41093493
SHA256: 92965b5ac43829094184aa0fee605afb9d0f7e0334eb246f45a1a2e51d4a53bf
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuaucpl.cpl.mui_fr
executable
MD5: ea1e84f2287f744d5cb168f7a94bf6d1
SHA256: 1edd47ad381985fd8309673b2265a21204b1a988365b1fd761be6cf8bb306cee
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuapi.dll.mui_el
executable
MD5: 9b5bb7ddf4bad4b06138448da6de89fb
SHA256: 72ab1b6891b08d1cc781e58f0cdbe11c7df34942b241e34ee165224f4c6ee422
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\tr\wuau.adm
text
MD5: 314a89897239301ca9db4571dfac9e30
SHA256: e64d549a7e669f7e44e76b5bea11b6895113077c2b7592e6f6819f1c297631e4
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuauhelp.chm_fi
chm
MD5: 715e36aa6dd31f874b4f2d756ae34fb3
SHA256: e7237733b7301e7e1202c6949b62442ea4edb565d87b2dd1004dd6ca37e0001e
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuauhelp.chm_cs
chm
MD5: 72707337f245faaef4f018e2dd47b902
SHA256: 9cf95240c005e3fd8b4400bb1358de45595d60df3354805047487510201643da
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuauhelp.chm_es
chm
MD5: f9c792ff407626626995f2cacff97dad
SHA256: 88a757e6b474450293cbf30a0952720538a46242806b6e21b44c1f6e848ab626
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\wuauhelp.chm_en
chm
MD5: a88a092b049444329b9c3f421b81e2fa
SHA256: 1bae17ef43a7b9ba064f5170a3dbebf50a8d5b1225e8c076b95045f7833a0e17
3860
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: 68a96687162cec532694a4d4e351b76e
SHA256: fbe3a3a07c73d61c10770c0afacb2ff3ff14ca947cd259079da55b187738e231
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\pl\wuau.adm
text
MD5: c5528f6e5fcf4c56c798bdbda16bf152
SHA256: 7d520ae55a21c97e93370f375fc24815dfc52d025821b74e6a766ab4a9b1900c
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\en\wuau.adm
text
MD5: 03e49e3e55d951d6b7ffbe80e899efe0
SHA256: 1315a847db3417dfabe5d829e9329db5f4438a2c3945d3660656fbf0cb7df7af
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\fi\eula.rtf
text
MD5: 5869f2d4c8fce095bec334e46a13353a
SHA256: 25cac0e778571e48f445b8bcb37c3fa73f8dbc3d1297cc50db67fdc12adaa90f
3860
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 8f761032829fb6121aee77e26dc667a6
SHA256: f83e1592023b7c8f6c15847f26d30770c0a52e6c7304dba951eea437e2737649
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\es\eula.rtf
text
MD5: ba4c8ac855119a09c60c9c570ead9557
SHA256: d98b706157426a61e5347471386de1e4c8cc1293855874df23bea643ed138ca0
2200
WindowsUpdateAgent30-x86.exe
C:\95f2a22b31ec5089dcb17509054f\el\wuau.adm
text
MD5: 226b73f6fbe84925061548d5dcb1c3e4
SHA256: f16f05825945edb1d5434212a605e046581dc5cc0f88356b047c328eaed7ed5c
2200

Find more information about the static content and download it from the full report.

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.