General Info

File name

WinCDEmu-4.1.exe

Full analysis
https://app.any.run/tasks/87eef481-a0f0-40b2-a1ac-1438ccb015a2
Verdict
Malicious activity
Analysis date
4/23/2019, 19:37:09
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5

4e53befe779f677b1ccec54b84f60a8c

SHA1

9ff4f2ed41d5bd09496d2cfb6e09c4b31659dc19

SHA256

c47763631d20120057766f2f71f781bf958e22712da4ac933b21db0d615dc93c

SSDEEP

49152:kCFdVNpsRKZdJ0ya6wWfumwumbp/afUD+6EVV4dDD/:kaVNpsIF0ya6wWf32p/69Z4dDj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • vmnt.exe (PID: 3932)
  • VirtualAutorunDisabler.exe (PID: 3388)
  • drvinst32.exe (PID: 3356)
  • uninstall.exe (PID: 2356)
Loads dropped or rewritten executable
  • regsvr32.exe (PID: 884)
  • regsvr32.exe (PID: 2816)
Changes settings of System certificates
  • drvinst32.exe (PID: 3356)
Registers / Runs the DLL via REGSVR32.EXE
  • uninstall.exe (PID: 2356)
Uses RUNDLL32.EXE to load library
  • DrvInst.exe (PID: 3408)
Searches for installed software
  • DrvInst.exe (PID: 3408)
Creates files in the Windows directory
  • DrvInst.exe (PID: 3060)
  • DrvInst.exe (PID: 3408)
Executable content was dropped or overwritten
  • DrvInst.exe (PID: 3060)
  • DrvInst.exe (PID: 3408)
  • drvinst32.exe (PID: 3356)
  • WinCDEmu-4.1.exe (PID: 3888)
Creates files in the driver directory
  • DrvInst.exe (PID: 3060)
  • DrvInst.exe (PID: 3408)
Creates a software uninstall entry
  • WinCDEmu-4.1.exe (PID: 3888)
Removes files from Windows directory
  • DrvInst.exe (PID: 3060)
  • DrvInst.exe (PID: 3408)
Adds / modifies Windows certificates
  • drvinst32.exe (PID: 3356)
Creates COM task schedule object
  • regsvr32.exe (PID: 884)
  • regsvr32.exe (PID: 2816)
Modifies the open verb of a shell class
  • WinCDEmu-4.1.exe (PID: 3888)
Creates files in the program directory
  • WinCDEmu-4.1.exe (PID: 3888)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 1380)
Changes settings of System certificates
  • DrvInst.exe (PID: 3408)

Static information

TRiD
.exe | UPX compressed Win32 Executable (39.3%)
.exe | Win32 EXE Yoda's Crypter (38.6%)
.dll | Win32 Dynamic Link Library (generic) (9.5%)
.exe | Win32 Executable (generic) (6.5%)
.exe | Generic Win/DOS Executable (2.9%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2015:09:30 20:31:31+02:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
118784
InitializedDataSize:
40960
UninitializedDataSize:
249856
EntryPoint:
0x5a900
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
4.1.0.0
ProductVersionNumber:
4.1.0.0
FileFlagsMask:
0x0017
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
http://wincdemu.sysprogs.org/
CompanyName:
Sysprogs OU
FileDescription:
WinCDEmu installer
FileVersion:
4.1
LegalCopyright:
LGPL
LegalTrademarks:
Sysprogs
OriginalFileName:
WinCDEmu-installer.exe
ProductName:
WinCDEmu
ProductVersion:
4.1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
30-Sep-2015 18:31:31
Detected languages
English - United States
Russian - Russia
Comments:
http://wincdemu.sysprogs.org/
CompanyName:
Sysprogs OU
FileDescription:
WinCDEmu installer
FileVersion:
4.1
LegalCopyright:
LGPL
LegalTrademarks:
Sysprogs
OriginalFilename:
WinCDEmu-installer.exe
ProductName:
WinCDEmu
ProductVersion:
4.1
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
30-Sep-2015 18:31:31
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
UPX0 0x00001000 0x0003D000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
UPX1 0x0003E000 0x0001D000 0x0001CC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.92791
.rsrc 0x0005B000 0x0000A000 0x00009A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 5.51966
Resources
1, 2, 3, 4, 5, 6, 7, 8, 9, 70, 71, 72, 101, 129, 133, 201, 202, 203
Imports
    KERNEL32.DLL

    ADVAPI32.dll

    COMCTL32.dll

    GDI32.dll

    ole32.dll

    SHELL32.dll

    USER32.dll

Exports

    No exports.

Processes

Total processes
48
Monitored processes
14
Malicious processes
4
Suspicious processes
1

Behavior graph

[Behavior graph image not preserved. Edge labels: drop and start (3), start. Nodes: wincdemu-4.1.exe (no specs); wincdemu-4.1.exe; uninstall.exe (no specs); virtualautorundisabler.exe (no specs); regsvr32.exe (no specs); regsvr32.exe (no specs); drvinst32.exe; drvinst.exe; rundll32.exe (no specs); vssvc.exe (no specs); drvinst.exe (no specs); drvinst.exe; vmnt.exe (no specs); rundll32.exe (no specs)]

Process information

PID
3084
CMD
"C:\Users\admin\AppData\Local\Temp\WinCDEmu-4.1.exe"
Path
C:\Users\admin\AppData\Local\Temp\WinCDEmu-4.1.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Sysprogs OU
Description
WinCDEmu installer
Version
4.1
Modules
Image
c:\users\admin\appdata\local\temp\wincdemu-4.1.exe
c:\systemroot\system32\ntdll.dll

PID
3888
CMD
"C:\Users\admin\AppData\Local\Temp\WinCDEmu-4.1.exe"
Path
C:\Users\admin\AppData\Local\Temp\WinCDEmu-4.1.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sysprogs OU
Description
WinCDEmu installer
Version
4.1
Modules
Image
c:\users\admin\appdata\local\temp\wincdemu-4.1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\wincdemu\vmnt.exe
c:\windows\system32\apphelp.dll
c:\program files\wincdemu\uninstall.exe
c:\users\admin\appdata\local\temp\ssi187d.tmp\drvinst32.exe
c:\windows\system32\netutils.dll

PID
2356
CMD
"C:\Program Files\WinCDEmu\uninstall.exe" /UPDATE
Path
C:\Program Files\WinCDEmu\uninstall.exe
Indicators
No indicators
Parent process
WinCDEmu-4.1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\wincdemu\uninstall.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\program files\wincdemu\x86\virtualautorundisabler.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\regsvr32.exe

PID
3388
CMD
"C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe" /RegServer
Path
C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe
Indicators
No indicators
Parent process
uninstall.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sysprogs OU
Description
WinCDEmu autorun disabling module
Version
4.1
Modules
Image
c:\program files\wincdemu\x86\virtualautorundisabler.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
884
CMD
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll"
Path
C:\Windows\System32\regsvr32.exe
Indicators
No indicators
Parent process
uninstall.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\wincdemu\x86\virtualautorundisablerps.dll

PID
2816
CMD
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll"
Path
C:\Windows\System32\regsvr32.exe
Indicators
No indicators
Parent process
uninstall.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\wincdemu\x86\wincdemucontextmenu.dll

PID
3356
CMD
C:\Users\admin\AppData\Local\Temp\ssi187D.tmp\drvinst32.exe instroot "root\BazisVirtualCDBus" "C:\Program Files\WinCDEmu\BazisVirtualCDBus.inf"
Path
C:\Users\admin\AppData\Local\Temp\ssi187D.tmp\drvinst32.exe
Indicators
Parent process
WinCDEmu-4.1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\ssi187d.tmp\drvinst32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\newdev.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\spinf.dll
c:\windows\system32\sysclass.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\drvstore.dll

PID
3408
CMD
DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\bazisvirtualcdbus.inf" "0" "6aa431c33" "0000053C" "WinSta0\Default" "000004CC" "208" "c:\program files\wincdemu"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\drvstore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\spinf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\ntmarta.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3240
CMD
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{35c71a00-44c9-7ea7-2a6f-1a64fc668f75} Global\{703a2c06-5c15-497e-d598-3007c0d8326e} C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\bazisvirtualcdbus.inf C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\BazisVirtualCDBus.cat
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
DrvInst.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\pnpui.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\spinf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\duser.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netutils.dll

PID
1380
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3148
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005E4" "000005E0"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
3060
CMD
DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "bazisvirtualcdbus.inf:Standard:BazisVirtualCDBus_Device:4.1.1.0:root\bazisvirtualcdbus" "6aa431c33" "0000053C" "000005D0" "000005E4"
Path
C:\Windows\system32\DrvInst.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\sysclass.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\spfileq.dll
c:\windows\system32\ntmarta.dll

PID
3932
CMD
"C:\Program Files\WinCDEmu\vmnt" /uacdisable
Path
C:\Program Files\WinCDEmu\vmnt.exe
Indicators
No indicators
Parent process
WinCDEmu-4.1.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Sysprogs OU
Description
WinCDEmu mounter
Version
4.0
Modules
Image
c:\program files\wincdemu\vmnt.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sysclass.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll

PID
2600
CMD
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Path
C:\Windows\System32\rundll32.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
695
Read events
368
Write events
327
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\vmnt.exe\shell\open\command
"C:\Program Files\WinCDEmu\vmnt.exe" "%1"
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Windows.IsoFile\shell\open\command
"C:\Program Files\WinCDEmu\vmnt.exe" "%1"
3888
WinCDEmu-4.1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso
Application
vmnt.exe
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.cue\shell\Open\command
"C:\Program Files\WinCDEmu\vmnt.exe" "%1"
3888
WinCDEmu-4.1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue
Application
vmnt.exe
3888
WinCDEmu-4.1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img
Application
vmnt.exe
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.nrg
BazisVirtualCD.Nrg
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Nrg
Nero CD/DVD image
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Nrg\DefaultIcon
%SystemRoot%\System32\shell32.dll,11
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Nrg\shell\open\command
"C:\Program Files\WinCDEmu\vmnt.exe" "%1"
3888
WinCDEmu-4.1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrg
Application
vmnt.exe
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mds
BazisVirtualCD.Mds
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Mds
Alcohol CD/DVD image
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Mds\DefaultIcon
%SystemRoot%\System32\shell32.dll,11
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Mds\shell\open\command
"C:\Program Files\WinCDEmu\vmnt.exe" "%1"
3888
WinCDEmu-4.1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds
Application
vmnt.exe
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ccd
BazisVirtualCD.Ccd
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Ccd
CloneCD CD/DVD image
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Ccd\DefaultIcon
%SystemRoot%\System32\shell32.dll,11
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BazisVirtualCD.Ccd\shell\open\command
"C:\Program Files\WinCDEmu\vmnt.exe" "%1"
3888
WinCDEmu-4.1.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccd
Application
vmnt.exe
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
DisplayName
WinCDEmu
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
DisplayVersion
4.1
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
InstallLocation
C:\Program Files\WinCDEmu
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
NoModify
1
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
NoRepair
1
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
Publisher
Sysprogs
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
HelpLink
http://www.sysprogs.com/
3888
WinCDEmu-4.1.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu
UninstallString
C:\Program Files\WinCDEmu\uninstall.exe
2356
uninstall.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2356
uninstall.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6C50E507-74A2-4434-95A6-53563A797FF6}
VirtualAutorunDisabler
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6C50E507-74A2-4434-95A6-53563A797FF6}
ROTFlags
1
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\VirtualAutorunDisabler.EXE
AppID
{6C50E507-74A2-4434-95A6-53563A797FF6}
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirtualAutorunDisabler.VirtualAutorun.1
VirtualAutorunDisablingMonitor Class
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirtualAutorunDisabler.VirtualAutorun.1\CLSID
{04DDC073-352E-447D-8A83-3E1FD9D41E61}
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirtualAutorunDisabler.VirtualAutorunDi
VirtualAutorunDisablingMonitor Class
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirtualAutorunDisabler.VirtualAutorunDi\CLSID
{04DDC073-352E-447D-8A83-3E1FD9D41E61}
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirtualAutorunDisabler.VirtualAutorunDi\CurVer
VirtualAutorunDisabler.VirtualAutorun.1
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04DDC073-352E-447D-8A83-3E1FD9D41E61}
VirtualAutorunDisablingMonitor Class
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04DDC073-352E-447D-8A83-3E1FD9D41E61}\ProgID
VirtualAutorunDisabler.VirtualAutorun.1
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04DDC073-352E-447D-8A83-3E1FD9D41E61}\VersionIndependentProgID
VirtualAutorunDisabler.VirtualAutorunDi
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04DDC073-352E-447D-8A83-3E1FD9D41E61}\LocalServer32
"C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe"
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04DDC073-352E-447D-8A83-3E1FD9D41E61}\TypeLib
{D2243491-B0DF-40CC-9973-9E401631D770}
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID
04DDC073-352E-447D-8A83-3E1FD9D41E61
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D2243491-B0DF-40CC-9973-9E401631D770}\1.0
VirtualAutorunDisabler 1.0 Type Library
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D2243491-B0DF-40CC-9973-9E401631D770}\1.0\FLAGS
0
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D2243491-B0DF-40CC-9973-9E401631D770}\1.0\0\win32
C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe
3388
VirtualAutorunDisabler.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D2243491-B0DF-40CC-9973-9E401631D770}\1.0\HELPDIR
C:\Program Files\WinCDEmu\x86
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57C052A7-AAD7-4230-860D-F6768C8EA59F}\InProcServer32
C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57C052A7-AAD7-4230-860D-F6768C8EA59F}\InProcServer32
ThreadingModel
Both
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57C052A7-AAD7-4230-860D-F6768C8EA59F}
PSFactoryBuffer
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57C052A7-AAD7-4230-860D-F6768C8EA59F}\ProxyStubClsid32
{57C052A7-AAD7-4230-860D-F6768C8EA59F}
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57C052A7-AAD7-4230-860D-F6768C8EA59F}
IVirtualAutorunDisablingMonitor
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57C052A7-AAD7-4230-860D-F6768C8EA59F}\NumMethods
5
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{466A44DC-AD3B-4573-BDC4-0686BBFB7A23}\ProxyStubClsid32
{57C052A7-AAD7-4230-860D-F6768C8EA59F}
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{466A44DC-AD3B-4573-BDC4-0686BBFB7A23}
IVirtualAutorunDisablingMonitorInternal
884
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{466A44DC-AD3B-4573-BDC4-0686BBFB7A23}\NumMethods
4
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{901EB7D4-307F-41A5-BB63-3070FCD11914}
WinCDEmuContextMenu
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WinCDEmuContextMenu.DLL
AppID
{901EB7D4-307F-41A5-BB63-3070FCD11914}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.DriveContextMenu.1
DriveContextMenu Class
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.DriveContextMenu.1\CLSID
{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.DriveContextMenu
DriveContextMenu Class
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.DriveContextMenu\CLSID
{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.DriveContextMenu\CurVer
WinCDEmuContextMenu.DriveContextMenu.1
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}
DriveContextMenu Class
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}\ProgID
WinCDEmuContextMenu.DriveContextMenu.1
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}\VersionIndependentProgID
WinCDEmuContextMenu.DriveContextMenu
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}\InprocServer32
C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}\InprocServer32
ThreadingModel
Apartment
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}\TypeLib
{B77FD653-B196-4B0A-B197-7F8F704E0092}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\WinCDEmu
{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinCDEmu
{A9901FCD-B4DF-43A1-BD5D-6C9F88679497}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.VCDImgContextMenu.1
VCDImgContextMenu Class
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.VCDImgContextMenu.1\CLSID
{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.VCDImgContextMenu
VCDImgContextMenu Class
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.VCDImgContextMenu\CLSID
{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinCDEmuContextMenu.VCDImgContextMenu\CurVer
WinCDEmuContextMenu.VCDImgContextMenu.1
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}
VCDImgContextMenu Class
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}\ProgID
WinCDEmuContextMenu.VCDImgContextMenu.1
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}\VersionIndependentProgID
WinCDEmuContextMenu.VCDImgContextMenu
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}\InprocServer32
C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}\InprocServer32
ThreadingModel
Apartment
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}\TypeLib
{B77FD653-B196-4B0A-B197-7F8F704E0092}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinCDEmu
{D0E37FD2-F675-426F-B09A-2CF37BA46FD5}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B77FD653-B196-4B0A-B197-7F8F704E0092}\1.0
WinCDEmuContextMenu 1.0 Type Library
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B77FD653-B196-4B0A-B197-7F8F704E0092}\1.0\FLAGS
0
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B77FD653-B196-4B0A-B197-7F8F704E0092}\1.0\0\win32
C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B77FD653-B196-4B0A-B197-7F8F704E0092}\1.0\HELPDIR
C:\Program Files\WinCDEmu\x86
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}
IDriveContextMenu
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}\TypeLib
{B77FD653-B196-4B0A-B197-7F8F704E0092}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}\TypeLib
Version
1.0
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0333ECC-5824-4AD9-8365-CCDD20184674}\InProcServer32
C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0333ECC-5824-4AD9-8365-CCDD20184674}\InProcServer32
ThreadingModel
Both
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0333ECC-5824-4AD9-8365-CCDD20184674}
PSFactoryBuffer
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}\ProxyStubClsid32
{E0333ECC-5824-4AD9-8365-CCDD20184674}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0333ECC-5824-4AD9-8365-CCDD20184674}\NumMethods
3
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{918988CF-2AFC-404C-90F2-5443D7A319E7}\ProxyStubClsid32
{E0333ECC-5824-4AD9-8365-CCDD20184674}
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{918988CF-2AFC-404C-90F2-5443D7A319E7}
IVCDImgContextMenu
2816
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{918988CF-2AFC-404C-90F2-5443D7A319E7}\NumMethods
3
3356
drvinst32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
3356
drvinst32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.dev.log
4096
3356
drvinst32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3356
drvinst32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3356
drvinst32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3408
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\8880A2309BE334678E3D912671F22049C5A49A78
Blob
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
400000000000000024FEAB42FBF9D401500D0000240D0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
400000000000000024FEAB42FBF9D401500D0000240D0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
20
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
400000000000000080970643FBF9D401500D0000240D0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
4000000000000000DAF90843FBF9D401500D000058090000E8030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
4000000000000000CAC8DA43FBF9D401500D000058090000E8030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
40000000000000005EDF474AFBF9D401500D0000240D0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
40000000000000005EDF474AFBF9D401500D0000240D0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
400000000000000088545D4AFBF9D401500D0000240D0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
400000000000000074B57E4AFBF9D401500D0000D40B0000E9030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
40000000000000006E3DA74AFBF9D401500D0000D40B0000E9030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
40000000000000006E3DA74AFBF9D401500D0000E40B0000F9030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
40000000000000003E50BA4AFBF9D401500D0000E40B0000F9030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
40000000000000004C77C14AFBF9D401500D0000240D00000A040000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
4000000000000000B42DFC4BFBF9D401500D0000580200000A040000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
4000000000000000B42DFC4BFBF9D401500D0000240D0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
4000000000000000B42DFC4BFBF9D401500D0000240D0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
20
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
24FEAB42FBF9D401
3408
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
3240
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Enter)
4000000000000000AA0C1C43FBF9D40164050000680D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Enter)
4000000000000000AA0C1C43FBF9D40164050000640D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Enter)
4000000000000000AA0C1C43FBF9D40164050000E8090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Enter)
4000000000000000AA0C1C43FBF9D40164050000EC090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
IDENTIFY (Leave)
40000000000000006CF82743FBF9D40164050000E8090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
IDENTIFY (Leave)
40000000000000006CF82743FBF9D40164050000640D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
IDENTIFY (Leave)
4000000000000000C65A2A43FBF9D40164050000680D0000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
IDENTIFY (Leave)
400000000000000020BD2C43FBF9D40164050000EC090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Enter)
40000000000000001A537C4AFBF9D40164050000EC09000001040000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_BEGINPREPARE (Leave)
40000000000000001A537C4AFBF9D40164050000EC09000001040000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Enter)
4000000000000000DC3E884AFBF9D40164050000EC090000E9030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Enter)
4000000000000000DC3E884AFBF9D40164050000640D0000E9030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Enter)
4000000000000000DC3E884AFBF9D40164050000680D0000E9030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPAREBACKUP (Leave)
40000000000000009E2A944AFBF9D40164050000680D0000E9030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000009E2A944AFBF9D40164050000680D000001000000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPAREBACKUP (Leave)
40000000000000009E2A944AFBF9D40164050000EC090000E9030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_STABLE (SetCurrentState)
40000000000000009E2A944AFBF9D40164050000EC09000001000000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPAREBACKUP (Leave)
4000000000000000F88C964AFBF9D40164050000640D0000E9030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_STABLE (SetCurrentState)
4000000000000000F88C964AFBF9D40164050000640D000001000000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Enter)
4000000000000000D6C6B04AFBF9D40164050000640D0000F9030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Enter)
4000000000000000D6C6B04AFBF9D40164050000680D0000F9030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
GETSTATE (Leave)
40000000000000003029B34AFBF9D40164050000640D0000F9030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
GETSTATE (Leave)
40000000000000003029B34AFBF9D40164050000680D0000F9030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Enter)
40000000000000003E50BA4AFBF9D40164050000EC090000F9030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
GETSTATE (Leave)
40000000000000003E50BA4AFBF9D40164050000EC090000F9030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Enter)
40000000000000004C77C14AFBF9D401640500009C0E000002040000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_ENDPREPARE (Leave)
40000000000000000A224E4BFBF9D401640500009C0E000002040000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
PREPARESNAPSHOT (Enter)
40000000000000000A224E4BFBF9D401640500009C0E0000EA030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Enter)
4000000000000000DA34614BFBF9D40164050000840B0000EA030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
PREPARESNAPSHOT (Enter)
4000000000000000DA34614BFBF9D401640500007C0B0000EA030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Enter)
4000000000000000DA34614BFBF9D40164050000800B0000EA030000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
PREPARESNAPSHOT (Leave)
4000000000000000D4BC894BFBF9D40164050000840B0000EA030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)
4000000000000000D4BC894BFBF9D40164050000840B000002000000010000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
1380
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
PREPARESNAPSHOT (Leave)
40000000000000002E1F8C4BFBF9D40164050000800B0000EA030000000000000100000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3148
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3060
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3060
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles
%SystemPath%\system32\DRIVERS\BazisVirtualCDBus.sys
5
3060
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
Extended Base
130000000100000002000000040000000300000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F00000010000000110000001200000013000000
3060
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#bazisvirtualcdbus
Service
BazisVirtualCDBus
3060
DrvInst.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\root#bazisvirtualcdbus
ClassGUID
{4d36e97b-e325-11ce-bfc1-08002be10318}
3932
vmnt.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BazisVirtualCDBus\Parameters
GrantAccessToEveryone
1

Files activity

Executable files
21
Suspicious files
63
Text files
245
Unknown types
6

Dropped files

PID
Process
Filename
Type
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll
executable
MD5: e3bd21095f8d0017e2073d53e68f7509
SHA256: f7dd93bf06c41897d8ea789f7b9b358547576f30f1d93abcfcc421ba50c89c69
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\uninstall64.exe
executable
MD5: 2ed433c12cfa75908eb790fc8b23ea9e
SHA256: 9590ebd10c8cf1d58cc7ff543923e22dbdfc901ea5643f0e59670ef911694c90
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\batchmnt.exe
executable
MD5: 5e6561921a7722ea025a79172e7b443e
SHA256: c694d42d19daa784687b9146d19b7797b937e151a8aa7155904f54a1a6fd7a84
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x64\BazisVirtualCDBus.sys
executable
MD5: 09391ba416aa29682298a612fdfdd7b8
SHA256: d889679c25da37212e2e0e08e4b2cf774fff395e83bcd168b240a59e74204070
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\mkisofs.exe
executable
MD5: 298b00e6dc408f5ea4fad8ff173028d5
SHA256: 19f7c8771cce642a15984c73c4bee2b441d6c47236958d8f5a7eb05738b0da4b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x86\BazisVirtualCDBus.sys
executable
MD5: 7b15fcedc5b947422208911633ab65ca
SHA256: 90c6fb0ef81dca6af763ba7581bde9096220737feecf3c6fa66a9b82e167a1a5
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll
executable
MD5: e3526f364347d94c329a8ca6d8df17da
SHA256: 0ca454fa57a90a4d899e0797d0aff5364260f3649b963d21582fa7010e419c2a
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\x86\BazisVirtualCDBus.sys
executable
MD5: 7b15fcedc5b947422208911633ab65ca
SHA256: 90c6fb0ef81dca6af763ba7581bde9096220737feecf3c6fa66a9b82e167a1a5
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.bak
executable
MD5: 03a9955ec55c5c6e00a3281602b30132
SHA256: 24b62e505f0a612fed69a425a9fd0f3459e76941add8fb6ccc3f43c64f12a7be
3408
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\x86\BazisVirtualCDBus.sys
executable
MD5: 7b15fcedc5b947422208911633ab65ca
SHA256: 90c6fb0ef81dca6af763ba7581bde9096220737feecf3c6fa66a9b82e167a1a5
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\batchmnt64.exe
executable
MD5: ef5f980e1e1dbdf454673206751bf255
SHA256: 4a363e27b849a994250e6f2e4c9b4dd56f70f7cf9ff78375b3ee23244f1f9b6e
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x64\VirtualAutorunDisablerPS.dll
executable
MD5: 7d20f582e32cc6d34e633928c5564f65
SHA256: b8c08185576d7cd5749c94d792b35f5ede59885be89f26f980526b7ab47cb534
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x64\VirtualAutorunDisabler.exe
executable
MD5: 6f587118eb5b019f61b864faafd6ebcd
SHA256: 2606d333535bf625104d881eca62043c431ba3851dad29edc5d090ed7ce1509c
3060
DrvInst.exe
C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
executable
MD5: 7b15fcedc5b947422208911633ab65ca
SHA256: 90c6fb0ef81dca6af763ba7581bde9096220737feecf3c6fa66a9b82e167a1a5
3888
WinCDEmu-4.1.exe
C:\Users\admin\AppData\Local\Temp\ssi187D.tmp\drvinst64.exe
executable
MD5: 731a3ce577b0a406723b4405fb4cd2f1
SHA256: 7a0a25ab8a255739ec21fe2acf6fa0809ac313460e09d10688ed84fcf296da72
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll
executable
MD5: c36fee011c683583ec2d7f81dc53c348
SHA256: 51659adddec203ee06bb21ba263e1bfb7eee990648cde127628e2c963f53a8c9
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\vmnt.exe
executable
MD5: eeae83a94a6364a8a640e0f6caccfd85
SHA256: 6b642babb6e9ac67cbb35ad29a5437e774dc4e82442a3f23ee3889df07d54039
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe
executable
MD5: 98e22c7cd9baeca08875eafd182c13fc
SHA256: 06969d6f39a5c181580c7a418d1795cb1a1d890eba07e8125f18a58fa8476423
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\vmnt64.exe
executable
MD5: bf26c935ffd4c25fff6731dbf73d2212
SHA256: 40dbcf0ec787455837ec5d7439874b1ce6f586a570af8d5132f09cec531b97c7
3888
WinCDEmu-4.1.exe
C:\Users\admin\AppData\Local\Temp\ssi187D.tmp\drvinst32.exe
executable
MD5: 89a62f871fbe2e1b00e1ed2a59f6c873
SHA256: 40748ec7fac9c77b1e722403425ca9e99b88b445fd6677d8072f7c49dd9a73cf
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\uninstall.exe
executable
MD5: 168cf87105d81fd649c2d49f91c53496
SHA256: 6a8f9819384a46411acd85297d895d650766271d476efeb3392134d6784680c5
3060
DrvInst.exe
C:\Windows\TEMP\Cab888E.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\TEMP\Cab887D.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: cecca46ad851ed172c87d00280ef5ef5
SHA256: 088ac58b712e87adb0eb46fc46a1c7f555cbb40ca03629c887755a68a5baa84a
3060
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: f3d25544a3132346c128cf229e8f47dd
SHA256: 7ce2bf38990439325c95de840402c362451913ae63d5db0e6804b08a299e1680
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab876F.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar8770.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab872F.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar8730.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar86FF.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab86FE.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Windows\System32\DriverStore\infstrng.dat
binary
MD5: b31cec95751b5770ffd6a9d1926c1f68
SHA256: 598b2e44c7e62b348e808a01e213bf3e3ad396a995f098a946f8735b268f823d
3356
drvinst32.exe
C:\Windows\System32\DriverStore\infpub.dat
binary
MD5: ee3a9da4811e705b81ad90da44bab40c
SHA256: 6330ffd915cf45b7d986e6035a6946ff73a36b5783874b28a90e53dcbea45fa2
3356
drvinst32.exe
C:\Windows\System32\CatRoot2\dberr.txt
text
MD5: b447f5ab79e85a39a21464cc2d60dafa
SHA256: fe8d2fdd465587f5dcb96b30b6d9c7e6ff3beb37446fd9b95c337eb34eddda5b
3408
DrvInst.exe
C:\Windows\System32\DriverStore\FileRepository\bazisvirtualcdbus.inf_x86_neutral_18ec2ff4b04883c1\bazisvirtualcdbus.PNF
pnf
MD5: de4f0544666093c1e59c2ce85229657d
SHA256: c662cabf191dd70206732bf64db139327b81802f1d4b2a10f2004417f348a79c
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: b06d3545aa2bf5f37ae319a2fb4a389f
SHA256: 8755bacd4d14b659a5c6541f3443d7303e7de1e8ae18919ec4dffaae7e227f63
3408
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.1
binary
MD5: 578264a3710b34f46ca15ab875036df6
SHA256: 032f01827138428b98c102a05ddc3176728d6ac7636d85476b16ad90fdc3138f
3408
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.2
binary
MD5: 578264a3710b34f46ca15ab875036df6
SHA256: 032f01827138428b98c102a05ddc3176728d6ac7636d85476b16ad90fdc3138f
3408
DrvInst.exe
C:\Windows\System32\DriverStore\INFCACHE.0
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\System32\DriverStore\OLDCACHE.000
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\System32\DriverStore\infpub.dat
binary
MD5: 7f2d8a6de0fd5a5660464de07947a143
SHA256: 33370d45977220e18161a4ce746ba9638f9cd7835e16d6b5a5001f759557375a
3408
DrvInst.exe
C:\Windows\System32\DriverStore\infstor.dat
binary
MD5: 0fe41c3099cdd8571bb7e6040f35be32
SHA256: fa05b4372a34a70c0e6a341dd6f56e885481e893828a08721ecd695b1fcea3f6
3408
DrvInst.exe
C:\Windows\System32\DriverStore\infstrng.dat
binary
MD5: f711c92ba5d03a43d7ea7573e4939394
SHA256: f41dc3116cc7f88e64c587cde4016c1192c492c32deaf2443f8c6757a529eb3c
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 50f28e685152752c89481a9f69ee290f
SHA256: 82c296c721ed02855c4f1572bf92d74b54424388823a3db7099c72de995397ad
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 0c1ac084c2eff0fbf135f720fb14264f
SHA256: f425b8ead7f69caae5ff9396484f5c51dfe3aee44a8e08bcdf81d101dc1deaec
3408
DrvInst.exe
C:\Windows\INF\oem4.inf
ini
MD5: 9a41acaf308273117f12253119753cd2
SHA256: bb36739bdbbbca8d445bc0f79a6bb286f374a12b7ea06d5f6904068756b4c801
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 97eb62fd164136acf95554b3f6a4363f
SHA256: 2cac1821e07e5946d00fd4a984394554f9e687191c36e33b4fdeadbb706ea423
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: a25c4b9f9b68071841a470454377b780
SHA256: fc717c83c7c819346c57e1d52be2ddfcc4283de68f8ce6ee793d6c70d6401101
3148
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 2297b44e40a1b319de05b45c6564c0de
SHA256: c3b71d32d9cc2956b19da8f4b292b4aad70b9d33bbee54f4cee13624b086b601
3148
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: e82e445322ebea0a07fbebfa9226a5bc
SHA256: 5281211b0e1675ad49568c890988e9af6dbf3fddf067453eaa80591e78a990d9
3148
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 76dcc60f78b3dff1ae3627619074f465
SHA256: 18541ac1875315c4f9eff75050c574faff83717c029dae6b366f9c6c3f0c19e0
3148
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: d02b59f27959efee4859de6496c182b9
SHA256: 2c2aa2b3268a7ea34612db66175b2cf8c37763a55835a7a29ec694336ea2be53
3408
DrvInst.exe
C:\System Volume Information\SPP\metadata-2
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\System Volume Information\SPP\snapshot-2
binary
MD5: e7e9b3f6018c9f3390d19188fb22d988
SHA256: 6555f43071538a0106a34cd0af0a65f900ce2876adb4c1657934ceaf3ef7b0ae
3408
DrvInst.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{a8b485b2-4bb3-427a-b607-7b62cb62f21f}_OnDiskSnapshotProp
binary
MD5: e7e9b3f6018c9f3390d19188fb22d988
SHA256: 6555f43071538a0106a34cd0af0a65f900ce2876adb4c1657934ceaf3ef7b0ae
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 4cbe7dc2c44a3159f8cd73374009c5b1
SHA256: 42202c7551af055313d9cdd1adf9aad6461808aefdcbf0e0e3e10449e63c631d
3408
DrvInst.exe
C:\Windows\TEMP\Tar469B.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Cab469A.tmp
––
MD5:  ––
SHA256:  ––
3240
rundll32.exe
C:\Users\admin\AppData\Local\Temp\Tar2802.tmp
––
MD5:  ––
SHA256:  ––
3240
rundll32.exe
C:\Users\admin\AppData\Local\Temp\Cab2801.tmp
––
MD5:  ––
SHA256:  ––
3240
rundll32.exe
C:\Users\admin\AppData\Local\Temp\Tar27E1.tmp
––
MD5:  ––
SHA256:  ––
3240
rundll32.exe
C:\Users\admin\AppData\Local\Temp\Cab27E0.tmp
––
MD5:  ––
SHA256:  ––
3240
rundll32.exe
C:\Users\admin\AppData\Local\Temp\Tar27D0.tmp
––
MD5:  ––
SHA256:  ––
3240
rundll32.exe
C:\Users\admin\AppData\Local\Temp\Cab27CF.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 5c7f0e9bfe0d4564e3ce415dabc5a973
SHA256: 710f3ad84cebb725c886e1b6309150da165fc664439f75c86212f6e40a9ee9f4
3408
DrvInst.exe
C:\Windows\TEMP\Tar26BC.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Cab26BB.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Tar268B.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Cab268A.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Tar265B.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Cab265A.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Cab2648.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\TEMP\Tar2649.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 7a147926a2c57f1f970cd5b24c28a3a0
SHA256: 94dc7cf4fa3e514f72b00b3e8632e198f5627a77bbe845c642e044d3b7450346
3408
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\bazisvirtualcdbus.inf
ini
MD5: 9a41acaf308273117f12253119753cd2
SHA256: bb36739bdbbbca8d445bc0f79a6bb286f374a12b7ea06d5f6904068756b4c801
3408
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\SET25FC.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\BazisVirtualCDBus.cat
cat
MD5: 1a7ae9457824c66cf047a95f1a5c4629
SHA256: 63a80143e6394bea74a798481f19056d12f67ab4910758ba2fe4f499d1a8698a
3356
drvinst32.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: 45166aa8b6cb4ca7008a83749e9d787d
SHA256: 1249bf4bbc83f6bac686f55623c4dac0a80927f71c0064450ef41dac82582ef4
3408
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\SET25EB.tmp
––
MD5:  ––
SHA256:  ––
3408
DrvInst.exe
C:\Windows\System32\DriverStore\Temp\{3c1b5b34-ce6f-09a5-6988-2c65f0a7ec4a}\x86\SET25DB.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\bazisvirtualcdbus.inf
ini
MD5: 9a41acaf308273117f12253119753cd2
SHA256: bb36739bdbbbca8d445bc0f79a6bb286f374a12b7ea06d5f6904068756b4c801
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\SET2560.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\BazisVirtualCDBus.cat
cat
MD5: 1a7ae9457824c66cf047a95f1a5c4629
SHA256: 63a80143e6394bea74a798481f19056d12f67ab4910758ba2fe4f499d1a8698a
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\SET255F.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: 45166aa8b6cb4ca7008a83749e9d787d
SHA256: 1249bf4bbc83f6bac686f55623c4dac0a80927f71c0064450ef41dac82582ef4
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\{3e84f513-4efb-2b1a-2447-b41129302f6f}\x86\SET254E.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 7a147926a2c57f1f970cd5b24c28a3a0
SHA256: 94dc7cf4fa3e514f72b00b3e8632e198f5627a77bbe845c642e044d3b7450346
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar24B9.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab24B8.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab2458.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar2459.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 32b1338ef29ac45f33c08517d002c4b7
SHA256: 69dccf40ad927c2b410081d271fc9629f124651903d32f07b7be6d40b6a98d97
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar2428.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab2427.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Tar23F7.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Users\admin\AppData\Local\Temp\Cab23F6.tmp
––
MD5:  ––
SHA256:  ––
3356
drvinst32.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: a2cbb184a82410946cfc180549c9487f
SHA256: b3c9f76ad12ed210323e46636725dbaec28e885d16fe91b63cd0df1c6725b5f1
3356
drvinst32.exe
C:\Windows\INF\setupapi.app.log
text
MD5: b221588cd7b19696b88c25804f133ff1
SHA256: 6e693214c4b50ef243c101ec108f1472731da08ec72bfcea1c445d8d110b32a1
3888
WinCDEmu-4.1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu\WinCDEmu Settings.lnk
lnk
MD5: e5e089df17c7d8c2f4d55a051bbffe56
SHA256: eb5f6d05ba1fad59c27e20a56e04d943d5e48604506fd1558526eed240a28372
3060
DrvInst.exe
C:\Windows\System32\DriverStore\infstrng.dat
binary
MD5: 6af063c348154d088c11730d9614d33b
SHA256: 881e26bf5484fd39436b3a779defc74c87f62013b1f43cf138aec6c2f27624fb
3060
DrvInst.exe
C:\Windows\System32\DriverStore\infpub.dat
binary
MD5: 141af3fb8660e91239cae8b621672fba
SHA256: fabb7322996e7d7bb5eed27d5ada3707950ef6283770901b8f18ed73deecead4
3932
vmnt.exe
C:\Windows\INF\setupapi.app.log
text
MD5: 4e54b943e5b5c60562a13b95bf2988c0
SHA256: e61159649a3ba46d64144292a234537cf824671fb9be5ccad4296e7f287ba2cf
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\BazisVirtualCDBus.inf
ini
MD5: 9a41acaf308273117f12253119753cd2
SHA256: bb36739bdbbbca8d445bc0f79a6bb286f374a12b7ea06d5f6904068756b4c801
3060
DrvInst.exe
C:\Windows\TEMP\Tar8A99.tmp
––
MD5:  ––
SHA256:  ––
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\bazisvirtualcdbus.cat
cat
MD5: 1a7ae9457824c66cf047a95f1a5c4629
SHA256: 63a80143e6394bea74a798481f19056d12f67ab4910758ba2fe4f499d1a8698a
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_zh_TW.lng
binary
MD5: f4c9f78ea2d59c281d78d89f455d2328
SHA256: cba9899af4db048a7aac5f3f7064e8e43e7c0edd0e46c89ebd9ab407ceeb3622
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_zh_CN.lng
binary
MD5: 40789c69c026f2100f86e2b1a7b7a7a8
SHA256: 11308a9c7fcac27ca6685c06a3bb0f743411e84306159c1a2ccde1e5f7379f12
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_slovenscina.lng
binary
MD5: 09d289a231a1f47d2dc3fe0d826edd27
SHA256: 48dbb4a650293d9f987065bf7030c0365dc8ea43509eb6ca43a891a6db8ec370
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_turkish.lng
binary
MD5: 1d638adbdac9fef7f062ed66f36672a2
SHA256: 0790650e0b7fa237fc34ab6331128336a52314c3d1e9e7b91c2723c7d98c924b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_spanish.lng
binary
MD5: 4bda51ae6ec0e55f7ccefd42a21310d0
SHA256: eaf9faee910f613411afe0580da58dc9405b142f5693f82e03a873434e109e92
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_swedish.lng
binary
MD5: 5a5b952e17ea5027575c09131b97bbda
SHA256: 11eed30ee47f4a72f71ea865a0851926cba271f1c9375013d2f12d269c364b83
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Taiwan.lng
binary
MD5: 5839297f4c3b5aa339b91ffd4b05760d
SHA256: 9d5d8b200ffe7d61bfdf36118d1cc1991d1afb3cb9461ebb4473816c0b254861
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_ta.lng
binary
MD5: 809380356b7fe2fc2d35b948d8ec6de5
SHA256: 6ecd6b3cac5076fea1cb044fc76f91ebd95c2304e97488aa7bd7b4017236e079
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_sr.lng
binary
MD5: 059000fe86691136ab905886d1ae23b9
SHA256: 2d280ffacb4891bcda35b631d01e90cb07eab607447cb9680c308cabe3c1a47e
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Slovak.lng
binary
MD5: 2cebd7a662ff4102436ebda4d8b8b33d
SHA256: cdccc857a73c01c62446c858dd10fdf1ec7e75fdf9ea9a21d210740482a0f001
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_russian.lng
binary
MD5: 05e875a13ab0424d01699d02289c9420
SHA256: 4eaa04b538aa2ee1a90b49ff9171f4e1a111efb51dc70d326883a24dbea6bc7a
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_urdu.lng
binary
MD5: b4b5fbc4b54ec5ed4458b53c043892f4
SHA256: 1cbbaf64fdf3d98b44f788fb236ca7e3c89c4b7927a87bfd8f88a445334868b2
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_slovenian.lng
binary
MD5: 08548b1eae4c26e930cc45104033e5aa
SHA256: f457fda47abee08e4cd76729176cc095e559f944ff83863efb810224d2f81725
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_uzbek.lng
binary
MD5: 0c074db45972542f28d9c6efbd008f52
SHA256: 32d4a67a1ed748ed685844844b46159764cc76fa7bf88b618a838a7d6ef88101
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_romanian.lng
binary
MD5: 5159a7044993359d360b6506219978dd
SHA256: ba65d6c19799e7c6f5b5acc91f142e48f2466915764606ae431b9ecfd010f578
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_lithuanian.lng
binary
MD5: 7d1604fd2688471758b2e8fc31726828
SHA256: 92eb2867b681b25c3e5ab669d4228089a55fb61b1817e96c2bba8d2b2762b92f
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_norwegian.lng
binary
MD5: 970fa1701f771ba7dc04bdb6988fa9c9
SHA256: acf442f2d45a93690a9d31e4c574a206c69af9653c9911bb13c3c99e45f42a5f
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_polish.lng
binary
MD5: 58324f09bdbb950df0f773a121f6037f
SHA256: 8bdbd44053b3267b5377694088b54233dd75bdfa8786957bf8290192989b5762
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_malay.lng
binary
MD5: febfbed2ae83a7165599d4fa99c5603f
SHA256: 05e2760e8a093a4e71680daa14b15de8fd0e2ab25a0e8474d80da47c56ed0b7b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_kurdish.lng
binary
MD5: 12690623fc8eb82f9a47b5296a8141d9
SHA256: b778c00789fe073b8ccd247254cc7f4f4222f003e36555402bd437e1cdd7a4bc
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_portuguese_brazil.lng
binary
MD5: ba61bf688521d5a7721ff9f6628c444d
SHA256: 5a79a0a8419b7be7e2990d708c592976599ccfaa1950216874d92fcceb2ab75b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_norsk.lng
binary
MD5: e87826e3ed5c16da3284d7930d419251
SHA256: 1ae9195876886ac68d1d6ea2c5d7d3c4d8e28accf97327b7c684542d176d4213
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_portuguese.lng
binary
MD5: 5bcfc4450928c8afb5eab66b8062c6ef
SHA256: 94c42059850b6f84727beb3842cdd9aae9ce75478f68bf9ea2f5bc94992fd67e
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_macedonian.lng
binary
MD5: 83e846bb5a229272dd01418b25faf0b6
SHA256: e08a61f1d29dc6881ba000159fcbca2cbe92d5754031525879aa046f853764ea
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_german.lng
binary
MD5: 093783d763f020e9c5c6e9746a5abf92
SHA256: a7e021618a74fb1e3beeeeeec03e0d753ed55ef7473983ba3e6092ed3580771b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_french.lng
binary
MD5: 95031e630d34940cbb9adc61760d225f
SHA256: d1a8937a47460cda3146c45c004a8ee5a4ae0cc8913ff26658a01f89484d2be7
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_korean.lng
binary
MD5: fbc2fa5fc31ab329bbcddd5d58585c43
SHA256: e5a506356bff4512d63ac0ae39bd6bad5c41d15091817f4ec1fd30e522f79dd7
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_italian.lng
binary
MD5: 63111c9d894811d7fea24687f0dd35b0
SHA256: ac65fa205b9d336360fa752097b83347f7b336cb799af081ed03b5667bfb3f3b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_greek.lng
binary
MD5: 1c74eb9bf2f9fbe1949a6bfaa0497e28
SHA256: 8f7e082d879ec597654879d595f3da167ca41365b57efb69d22d7d34a1eab83c
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_hungarian.lng
binary
MD5: b272fd93de261270406b3ccd237c247d
SHA256: ba6fed75872822cc1fd7135598dcb1718b07b7eda049c5f7c3ed5df8751c2abf
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Indonesia.lng
binary
MD5: 2e0fc52d313032a4626caa4be6ba563c
SHA256: 4f2d907e3d960617f93cbd14fd44913e1b1c409c8a5c8160bdb6f4eb1d736f13
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_hebrew.lng
binary
MD5: ffca959029f8e28c160535ea7b38ee64
SHA256: d2328f3de2bad05251bc8d496afa1eb619a5351fd93485c612d8c8de26fdf395
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_japanese.lng
binary
MD5: 29d6e5181d9e3d1bcad83664c12b8185
SHA256: 84d7be0472bb27389ce21183f1aeea56dbc18bf0d65c19505e1b5c11a136a575
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_kannada.lng
binary
MD5: f941d8e5277fc7711e0b50622030a055
SHA256: 43be088c70fee45ffe8cafb921cc3a5b8adc276c15c473d029ca4bd10fbcd954
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Farsi.lng
binary
MD5: 5ae5ac5c2ba4b2788c8dada8091b17fc
SHA256: 7481ec639dafe58ef68eadafd22c45cc35ad747c764fbcbeade8d18fc7efba2c
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_dansk.lng
binary
MD5: eed99027ce8d0bee9393df2e42368d56
SHA256: 7f48f93ab032fcfee1212afe9fef30a7d0b764313cb3f45cc76ef08ff00979db
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Catalan.lng
binary
MD5: ab6b693ab0d2e076f38c5a1f66f0178c
SHA256: 46a16fedda9ae1f6a80c932abe28e883ba87dd475e84ced6888f2b49a52866a3
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Czech.lng
binary
MD5: e27be5a5e7121ed58e8127475b3acf33
SHA256: 7375e41071f2417035608d01c516e0957c4d4ca4824ea6fcc44e12349a4581ce
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_finnish.lng
binary
MD5: 4457fde782feaa959d141c1e3880f4c0
SHA256: 37d2482d63a86de5548ac52ab6912ea0a3d4feba790de0e9f89f62835f30ca3b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_dutch.lng
binary
MD5: 6b77c85bc096643f2211edf35623c759
SHA256: fa4dc5bfcb8cda847512761126b9945a658ca58427ffe2c592acfd50b67d70e0
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_estonian.lng
binary
MD5: b152548b47c0efec3d22d557e1725096
SHA256: 15274e12fdd6477f96fceb50ef5f4cb26e05caf7ea7ed718f071eb924b4ab501
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_bulgarian.lng
binary
MD5: bde8e065b9964471a94577abc273c6a2
SHA256: 2ef90cafdf86fd7f9ead5278f8a089048c3fecdf17c7f92b8086c12e73d3ae7b
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_english.lng
text
MD5: 967bc885f19eb2ca9e036b9367a7392c
SHA256: 9c2e62d42e0ac165c79c0ffec1c90111a36f4f34fe565a1991659fd8f256fe42
3060
DrvInst.exe
C:\Windows\TEMP\Cab8A98.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\system32\DRIVERS\SET8A51.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 1c2b8a81520d390513fe23de87dfa2d4
SHA256: 543bc5a7c8c6f50e4d2020db57b05f84b3fd4d73787573a512e2795d6364fa24
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Arabic.lng
binary
MD5: 1c177fb48474504e2a12e135da569c89
SHA256: 49057e02a613243b138ea30f697e5de68a8ce68d9f48c2119aae33347711f474
3060
DrvInst.exe
C:\Windows\INF\setupapi.ev2
binary
MD5: f99934314a92eb3ecd051dfcbc6ee90e
SHA256: 36ac23e604b769222b08e0c6da028a18c18a95c87e57330194d081dd257d42b6
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_bahasaindonesia.lng
binary
MD5: ee1b69ad806dc238cdb3494d15edafab
SHA256: 42c1ac4600e24bf102d4f1abe41275b275bf9a10196219049eea33f1b21de40c
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_armenian.lng
binary
MD5: 054bc47aec44bc24efb7fa2d3cb4d16e
SHA256: f997cb43c2a5d3bb937e7966757f913dc2e4a4781723f45a5e93cd63d213c2fc
3888
WinCDEmu-4.1.exe
C:\Program Files\WinCDEmu\langfiles\vmnt_Bengali.lng
binary
MD5: d23c884983acdd3e39d905b456a93810
SHA256: a7f22ea0bbbf9c22ac7e3b6f72785e41cabeab35a762a55cdd0782015a5dd029
3060
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: fe7b17eda7732e2a4066e75ca23eddfb
SHA256: d25c0e2c310865ffd69261515b8100426060e017a3db76528b5a66136ded057d
3060
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 50885fe0cc57465488c6b90709d880ca
SHA256: 83d283fa45ba08b59f3b106a828c0f090330ddf723cc3dae48294be19b3f6ebd
3060
DrvInst.exe
C:\Windows\INF\oem4.PNF
pnf
MD5: 3d4f2360c624b5f05c778295f3e7cec2
SHA256: 839a9fced09ec326f73f265ba871b711d6e01f762b1dc58446c285b31e5c89ff
3060
DrvInst.exe
C:\Windows\TEMP\Tar8901.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\TEMP\Cab8900.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\TEMP\Tar88D0.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\TEMP\Cab88CF.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\TEMP\Tar888F.tmp
––
MD5:  ––
SHA256:  ––
3060
DrvInst.exe
C:\Windows\TEMP\Tar887E.tmp
––
MD5:  ––
SHA256:  ––
1380
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.