General Info

File name

f101v10b5836.exe

Full analysis
https://app.any.run/tasks/c7acc5b6-5a1f-462b-9b12-1c46e0c335fd
Verdict
Malicious activity
Analysis date
4/23/2019, 23:22:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

cf082d0ce4a47634365464c52fe9a35e

SHA1

f8115c5aeff40009126ec999efd36b8ad22a7682

SHA256

c795c816ca2438ee173df19ec37b45e06c481fcd18b6c4706d7032b60f9c76d5

SSDEEP

393216:cPDQIqd4kqImjqcdnVdO8HzoULyFKLfcSQC8zPw+a0jeQiTO+a8ftz:crQIqddqIOqcdLLLyk0ST+a0/iR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes the login/logoff helper path in the registry
  • MsiExec.exe (PID: 2544)
Loads dropped or rewritten executable
  • FSRT.exe (PID: 3240)
Application was dropped or rewritten from another process
  • FLOGO.EXE (PID: 3536)
  • fortres.exe (PID: 1816)
  • FSRT.exe (PID: 3240)
  • FSRTU.EXE (PID: 2880)
Changes settings of System certificates
  • MSIEXEC.EXE (PID: 3488)
Creates files in the program directory
  • FSRT.exe (PID: 3240)
Changes the autorun value in the registry
  • msiexec.exe (PID: 3680)
Creates COM task schedule object
  • msiexec.exe (PID: 3680)
Creates files in the driver directory
  • msiexec.exe (PID: 3680)
Creates files in the Windows directory
  • msiexec.exe (PID: 3680)
Adds / modifies Windows certificates
  • MSIEXEC.EXE (PID: 3488)
Starts Microsoft Installer
  • f101v10b5836.exe (PID: 2792)
Executable content was dropped or overwritten
  • msiexec.exe (PID: 3680)
Dropped object may contain Bitcoin addresses
  • msiexec.exe (PID: 3680)
Creates a software uninstall entry
  • msiexec.exe (PID: 3680)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 2544)
Creates or modifies windows services
  • msiexec.exe (PID: 3680)
Creates files in the program directory
  • msiexec.exe (PID: 3680)
Application launched itself
  • msiexec.exe (PID: 3680)
Searches for installed software
  • msiexec.exe (PID: 3680)
Low-level read access rights to disk partition
  • vssvc.exe (PID: 2916)


Static information

TRiD
.exe | Win32 EXE PECompact compressed (generic) (83%)
.exe | Win32 Executable (generic) (9%)
.exe | Generic Win/DOS Executable (3.9%)
.exe | DOS Executable Generic (3.9%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:10:17 07:20:43+02:00
PEType:
PE32
LinkerVersion:
14
CodeSize:
103936
InitializedDataSize:
27126272
UninitializedDataSize:
null
EntryPoint:
0x7fa1
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.1
ProductVersionNumber:
1.0.0.1
FileFlagsMask:
0x0017
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Fortres Grand Corporation
FileDescription:
Fortres Grand Setup Launcher
FileVersion:
1, 0, 0, 1
LegalCopyright:
Copyright © 2007 Fortres Grand Corporation
OriginalFileName:
MSIStub.exe
ProductName:
Fortres Grand Installer
ProductVersion:
1, 0, 0, 1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
17-Oct-2018 05:20:43
Detected languages
English - United States
Debug artifacts
C:\Users\Public\sandbox2013\WiX\Release\MSIStub.pdb
CompanyName:
Fortres Grand Corporation
FileDescription:
Fortres Grand Setup Launcher
FileVersion:
1, 0, 0, 1
LegalCopyright:
Copyright © 2007 Fortres Grand Corporation
OriginalFilename:
MSIStub.exe
ProductName:
Fortres Grand Installer
ProductVersion:
1, 0, 0, 1
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000118
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
17-Oct-2018 05:20:43
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00019546 0x00019600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.61128
.rdata 0x0001B000 0x00009950 0x00009A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.03292
.data 0x00025000 0x0000171C 0x00000C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.11492
.tls 0x00027000 0x00000009 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.0203931
.gfids 0x00028000 0x000000F4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 1.98748
.rsrc 0x00029000 0x019D3F78 0x019D4000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.7894
Resources
1, 2, 3, 4, 5, 6, 7, 8, 9, 107, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 140, 142, 145, 147, 148, 149

Imports
    msi.dll

    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    SHELL32.dll

    SHLWAPI.dll

Exports

    No exports.


Processes

Total processes
51
Monitored processes
13
Malicious processes
3
Suspicious processes
2

Behavior graph

[Behavior graph, nodes in order: start, f101v10b5836.exe, f101v10b5836.exe, msiexec.exe, msiexec.exe, msiexec.exe, vssvc.exe, drvinst.exe, msiexec.exe, msiexec.exe, fsrt.exe, flogo.exe, fortres.exe, fsrtu.exe]

Process information


PID
3568
CMD
"C:\Users\admin\AppData\Local\Temp\f101v10b5836.exe"
Path
C:\Users\admin\AppData\Local\Temp\f101v10b5836.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Fortres Grand Corporation
Description
Fortres Grand Setup Launcher
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\appdata\local\temp\f101v10b5836.exe
c:\systemroot\system32\ntdll.dll

PID
2792
CMD
"C:\Users\admin\AppData\Local\Temp\f101v10b5836.exe"
Path
C:\Users\admin\AppData\Local\Temp\f101v10b5836.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Fortres Grand Corporation
Description
Fortres Grand Setup Launcher
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\appdata\local\temp\f101v10b5836.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msiexec.exe

PID
3488
CMD
C:\Windows\SYSTEM32\MSIEXEC.EXE /I C:\Users\admin\AppData\Local\Temp\f101v10.msi
Path
C:\Windows\SYSTEM32\MSIEXEC.EXE
Indicators
Parent process
f101v10b5836.exe
User
admin
Integrity Level
HIGH
Exit code
1641
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\msihnd.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\msls31.dll
c:\windows\system32\winsta.dll

PID
3680
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\es.dll
c:\windows\system32\sxs.dll
c:\windows\system32\propsys.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll

PID
2984
CMD
C:\Windows\system32\MsiExec.exe -Embedding 8112D7700085D0D92CBFEEC10EDE81F1 C
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\msi5f13.tmp
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
2916
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3660
CMD
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000003A0" "000005BC"
Path
C:\Windows\system32\DrvInst.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Driver Installation Module
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\spfileq.dll

PID
2544
CMD
C:\Windows\system32\MsiExec.exe -Embedding B61C9938711B335FDB245CADC11876FC
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msiccac.tmp
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\installer\msicd87.tmp
c:\windows\installer\msiced1.tmp
c:\windows\installer\msicf6e.tmp
c:\windows\installer\msicfdc.tmp
c:\windows\installer\msid07a.tmp
c:\windows\installer\msid0ca.tmp
c:\windows\installer\msid186.tmp
c:\windows\installer\msid243.tmp
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\installer\msidd32.tmp
c:\windows\installer\msie2a2.tmp
c:\windows\installer\msie310.tmp
c:\program files\fortres grand\fgclient.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wshqos.dll
c:\program files\fortres grand\fgpriv.dll
c:\windows\system32\msimg32.dll

PID
4076
CMD
C:\Windows\system32\MsiExec.exe -Embedding 0E2474A15E89B13147C9DD5EF8A7D44D M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msid7d2.tmp
c:\windows\system32\firewallapi.dll

PID
3240
CMD
"C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.exe"
Path
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Fortres Grand Corporation
Description
Fortres Security Runtime
Version
8.0.1611.0
Modules
Image
c:\program files\fortres grand\fortres security runtime 6.0\fsrt.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\program files\fortres grand\fortres 101 10\f101rt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\clbcatq.dll
c:\program files\fortres grand\fgclient.dll
c:\windows\system32\wshqos.dll
c:\program files\fortres grand\fgattr6.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\fortres grand\propedit6.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\apphelp.dll
c:\program files\fortres grand\fortres security runtime 6.0\flogo.exe
c:\windows\system32\sspicli.dll
c:\program files\fortres grand\fortres 101 10\fortres.exe
c:\program files\fortres grand\fortres security runtime 6.0\fsrtu.exe

PID
3536
CMD
"C:\PROGRAM FILES\FORTRES GRAND\FORTRES SECURITY RUNTIME 6.0\FLOGO.EXE"
Path
C:\PROGRAM FILES\FORTRES GRAND\FORTRES SECURITY RUNTIME 6.0\FLOGO.EXE
Indicators
No indicators
Parent process
FSRT.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
1
Version:
Company
Fortres Grand Corporation
Description
Version
7.0.1410.3
Modules
Image
c:\program files\fortres grand\fortres security runtime 6.0\flogo.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll

PID
1816
CMD
"C:\Program Files\Fortres Grand\Fortres 101 10\fortres.exe" *QUIET
Path
C:\Program Files\Fortres Grand\Fortres 101 10\fortres.exe
Indicators
Parent process
FSRT.exe
User
admin
Integrity Level
HIGH
Exit code
1073807364
Version:
Company
Fortres Grand Corporation
Description
Fortres Application
Version
8, 0, 5834, 0
Modules
Image
c:\program files\fortres grand\fortres 101 10\fortres.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2880
CMD
"C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRTU.EXE" /WATCHDOG:3240
Path
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRTU.EXE
Indicators
No indicators
Parent process
FSRT.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Fortres Grand Corporation
Description
Fortres Security Runtime User Component
Version
8.0.1610.0
Modules
Image
c:\program files\fortres grand\fortres security runtime 6.0\fsrtu.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1157
Read events
467
Write events
684
Delete events
6

Modification events

PID
Process
Operation
Key
Name
Value
2792
f101v10b5836.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\f101v10.msi
3488
MSIEXEC.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3488
MSIEXEC.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3488
MSIEXEC.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
Blob
3488
MSIEXEC.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3680
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
3680
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62
3680
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
3680
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
3680
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
3680
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Enter)
4000000000000000F484B9E11AFAD401600E0000AC0A0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Enter)
40000000000000004EE7BBE11AFAD401600E0000AC0A0000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
LastIndex
20
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Enter)
4000000000000000501E14E21AFAD401600E0000AC0A0000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Enter)
4000000000000000501E14E21AFAD401600E000028090000E8030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
IDENTIFY (Leave)
400000000000000002D9F1E21AFAD401600E000028090000E8030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppGatherWriterMetadata (Leave)
4000000000000000440F5BE81AFAD401600E0000AC0A0000D3070000010000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Enter)
4000000000000000440F5BE81AFAD401600E0000AC0A0000D4070000000000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppAddInterestingComponents (Leave)
400000000000000014226EE81AFAD401600E0000AC0A0000D4070000010000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Enter)
40000000000000003E9783E81AFAD401600E000094070000E9030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
PREPAREBACKUP (Leave)
4000000000000000C26E9BE81AFAD401600E000094070000E9030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Enter)
4000000000000000C26E9BE81AFAD401600E0000B8030000F9030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
GETSTATE (Leave)
40000000000000007633A0E81AFAD401600E0000B8030000F9030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Enter)
40000000000000002AF8A4E81AFAD401600E0000AC0A00000A040000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
DOSNAPSHOT (Leave)
40000000000000009E9E8EE91AFAD401600E00002C0800000A040000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
SppCreate (Leave)
40000000000000009E9E8EE91AFAD401600E0000AC0A0000D0070000010000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
SrCreateRp (Leave)
40000000000000009E9E8EE91AFAD401600E0000AC0A0000D5070000010000000000000000000000000000000000000000000000000000000000000000000000
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
FirstRun
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
LastIndex
20
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
StartNesting
F484B9E11AFAD401
3680
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3680
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
600E00004C67E4D11AFAD401
3680
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
A09E39F35962A616C368ECB430E3504E28583822646F2AC5408A9155B683BA27
3680
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\13ca2a.ipi
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\13ca2b.rbs
30734883
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\13ca2b.rbsLow
1294823632
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\367B2CC0A216754409812E9409E5EDA1
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\f101.chm
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E867EE9E5787EA479BAC5198EAA3E13
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\F101rt.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17D9BC6B1A750D540B25E08348F515B7
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\F101Tray.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DAAED9DD5107F4A44BD523F12C96F34D
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\F101ui.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E128529EB634F343B889DE0CF4A952C
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\f101v7.adb
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F691AEB5C8379894CB1281CE17748C24
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\Launcher.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9972C2B8DA5C2064390010AC91393C73
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\Fortres.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28E135DAC9FF690479D4ED08850CFD4F
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres 101 10\f101v7.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Windows\system32\Fortresd.dll
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18F27DB1803EA8240A43D64361CDAA08
C61A852071164324F8DCB9B23BF00D31
C?\Windows\system32\Fortresd.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\363D115A15A50E8459EF89FC3306BE24
C61A852071164324F8DCB9B23BF00D31
C:\Windows\system32\Drivers\f101fs.sys
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6909BF10ADC8584399290DBD60237F7
C61A852071164324F8DCB9B23BF00D31
C:\Windows\system32\Drivers\fgcf101kb.sys
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\58773D7EB58B22943BD04018B7C0EC23
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGActWiz.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3F61884FCC64EEC438C543BF41B6E7D0
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGAttr6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D4592EA9B25BB64487FADE9A4DB960B
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGClient.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\969ED365AA4347F4FB5652335CB98BA6
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGPriv.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C7477A81694A51A4384D3C634256DB0D
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGRchStr.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5AB15C3A2BE0DD45A936B7304C96E11
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEF30ECF1DD241C4BB8ADCA85795187C
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGCUPDMGR.DLL
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\303F270C38B4D37489C7A9057C031C05
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGCUpdStub.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F30401BCFF0CE6D4D86D201178492406
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\FGCShared.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FD977EAC153CC544A293B992268D966
C61A852071164324F8DCB9B23BF00D31
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3B4B59385C42C9408E1F7805E2E9A76
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B62EC538ED2E75A4296CB68A59B453DE
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\fsrtu.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A25378EC7F1953C4691B9479C309B7FE
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\Settings\appmgr.default
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BF5D688C98EC744B93CD6C5D29F5BB0
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\flogo.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2768BBAE91D69C6448C5357E2773BD3A
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Interface\FSI.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05E92DDBB3E669F40A4D37E9FD88B79E
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Interface\cc6eng.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E65D47F78B921E4408EF9532E840F4DD
C61A852071164324F8DCB9B23BF00D31
C:\Program Files\Fortres Grand\Fortres Security Interface\fsi6.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Windows\system32\SMChk.exe
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEAC1C90847B08B4ABFD4D0080CDF54B
C61A852071164324F8DCB9B23BF00D31
C?\Windows\system32\SMChk.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\Settings\
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Fortres Grand\
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\Repl\
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Fortres Grand\Fortres Security Interface\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Fortres Grand\Fortres 101 10\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGActWiz.CFGActWiz
FGActWiz
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGActWiz.CFGActWiz\CLSID
{248FB3EA-81EE-446C-9924-4744EEE304AA}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248FB3EA-81EE-446C-9924-4744EEE304AA}\VersionIndependentProgID
IFGActWiz.CFGActWiz
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGActWiz.CFGActWiz.1
FGActWiz
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGActWiz.CFGActWiz\CurVer
IFGActWiz.CFGActWiz.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGActWiz.CFGActWiz.1\CLSID
{248FB3EA-81EE-446C-9924-4744EEE304AA}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248FB3EA-81EE-446C-9924-4744EEE304AA}\ProgID
IFGActWiz.CFGActWiz.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248FB3EA-81EE-446C-9924-4744EEE304AA}\InprocServer32
C:\Program Files\Fortres Grand\FGActWiz.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248FB3EA-81EE-446C-9924-4744EEE304AA}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248FB3EA-81EE-446C-9924-4744EEE304AA}
FGActWiz
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttribute.CComAttribute
Attribute
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttribute.CComAttribute\CLSID
{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}\VersionIndependentProgID
IAttribute.CComAttribute
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttribute.CComAttribute.1
Attribute
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttribute.CComAttribute\CurVer
IAttribute.CComAttribute.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttribute.CComAttribute.1\CLSID
{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}\ProgID
IAttribute.CComAttribute.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}\InprocServer32
C:\Program Files\Fortres Grand\FGAttr6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B160F33D-045A-4CBB-AAD3-1266B20F8C7F}
Attribute
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeDirectory.CComAttributeDirectory
Attribute Directory
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeDirectory.CComAttributeDirectory\CLSID
{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}\VersionIndependentProgID
IAttributeDirectory.CComAttributeDirectory
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeDirectory.CComAttributeDirectory.1
Attribute Directory
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeDirectory.CComAttributeDirectory\CurVer
IAttributeDirectory.CComAttributeDirectory.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeDirectory.CComAttributeDirectory.1\CLSID
{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}\ProgID
IAttributeDirectory.CComAttributeDirectory.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}\InprocServer32
C:\Program Files\Fortres Grand\FGAttr6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4EC2F3E-A76B-48CF-9669-F1FE039F5B9C}
Attribute Directory
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeQuery.CComAttributeQuery
AttributeQuery
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeQuery.CComAttributeQuery\CLSID
{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}\VersionIndependentProgID
IAttributeQuery.CComAttributeQuery
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeQuery.CComAttributeQuery.1
AttributeQuery
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeQuery.CComAttributeQuery\CurVer
IAttributeQuery.CComAttributeQuery.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeQuery.CComAttributeQuery.1\CLSID
{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}\ProgID
IAttributeQuery.CComAttributeQuery.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}\InprocServer32
C:\Program Files\Fortres Grand\FGAttr6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7A0EDB8-7E62-4D36-AD34-C27B5CBF4879}
AttributeQuery
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeList.CComAttributeList
Attribute List
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeList.CComAttributeList\CLSID
{EC0BB012-460D-4A93-B13D-A0CB73AD743D}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC0BB012-460D-4A93-B13D-A0CB73AD743D}\VersionIndependentProgID
IAttributeList.CComAttributeList
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeList.CComAttributeList.1
Attribute List
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeList.CComAttributeList\CurVer
IAttributeList.CComAttributeList.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAttributeList.CComAttributeList.1\CLSID
{EC0BB012-460D-4A93-B13D-A0CB73AD743D}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC0BB012-460D-4A93-B13D-A0CB73AD743D}\ProgID
IAttributeList.CComAttributeList.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC0BB012-460D-4A93-B13D-A0CB73AD743D}\InprocServer32
C:\Program Files\Fortres Grand\FGAttr6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC0BB012-460D-4A93-B13D-A0CB73AD743D}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC0BB012-460D-4A93-B13D-A0CB73AD743D}
Attribute List
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGClient2.CFGClient
FGClient
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGClient2.CFGClient\CLSID
{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}\VersionIndependentProgID
IFGClient2.CFGClient
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGClient2.CFGClient.1
FGClient
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGClient2.CFGClient\CurVer
IFGClient2.CFGClient.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGClient2.CFGClient.1\CLSID
{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}\ProgID
IFGClient2.CFGClient.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}\InprocServer32
C:\Program Files\Fortres Grand\FGClient.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91D4CAEB-BB74-46DE-8828-68A5B80D1D2B}
FGClient
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGLocal
FGLocal
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGLocal\CLSID
{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}\VersionIndependentProgID
IFGNetLib.CFGLocal
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGLocal.1
FGLocal
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGLocal\CurVer
IFGNetLib.CFGLocal.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGLocal.1\CLSID
{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}\ProgID
IFGNetLib.CFGLocal.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}\InprocServer32
C:\Program Files\Fortres Grand\FGClient.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9341CFB7-4160-4270-BC41-7B8FCCC7B28B}
FGLocal
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGWinServer
FGWinServer
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGWinServer\CLSID
{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}\VersionIndependentProgID
IFGNetLib.CFGWinServer
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGWinServer.1
FGWinServer
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGWinServer\CurVer
IFGNetLib.CFGWinServer.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGNetLib.CFGWinServer.1\CLSID
{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}\ProgID
IFGNetLib.CFGWinServer.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}\InprocServer32
C:\Program Files\Fortres Grand\FGClient.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C01D3AEB-4EF1-41B5-9B38-BEEF8A38C20C}
FGWinServer
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGPrivilege.CFGPrivilege
FG Privilege
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGPrivilege.CFGPrivilege\CLSID
{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}\VersionIndependentProgID
IFGPrivilege.CFGPrivilege
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGPrivilege.CFGPrivilege.1
FG Privilege
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGPrivilege.CFGPrivilege\CurVer
IFGPrivilege.CFGPrivilege.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IFGPrivilege.CFGPrivilege.1\CLSID
{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}\ProgID
IFGPrivilege.CFGPrivilege.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}\InprocServer32
C:\Program Files\Fortres Grand\FGPriv.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB5E89D3-805C-413E-8C8F-7BCFF451E6C2}
FG Privilege
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IRichString.CComRichString
ComRichString
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IRichString.CComRichString\CLSID
{917478C2-615C-4C92-82AB-3A3F40AF7B9E}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917478C2-615C-4C92-82AB-3A3F40AF7B9E}\VersionIndependentProgID
IRichString.CComRichString
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IRichString.CComRichString.1
ComRichString
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IRichString.CComRichString\CurVer
IRichString.CComRichString.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IRichString.CComRichString.1\CLSID
{917478C2-615C-4C92-82AB-3A3F40AF7B9E}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917478C2-615C-4C92-82AB-3A3F40AF7B9E}\ProgID
IRichString.CComRichString.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917478C2-615C-4C92-82AB-3A3F40AF7B9E}\InprocServer32
C:\Program Files\Fortres Grand\FGRchStr.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917478C2-615C-4C92-82AB-3A3F40AF7B9E}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917478C2-615C-4C92-82AB-3A3F40AF7B9E}
ComRichString
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CCleanUpEditor
Clean Up Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CCleanUpEditor\CLSID
{01925629-D370-4A52-9F24-5A5CAB38121D}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01925629-D370-4A52-9F24-5A5CAB38121D}\VersionIndependentProgID
IPropertyEditor.CCleanUpEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CCleanUpEditor.1
Clean Up Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CCleanUpEditor\CurVer
IPropertyEditor.CCleanUpEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CCleanUpEditor.1\CLSID
{01925629-D370-4A52-9F24-5A5CAB38121D}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01925629-D370-4A52-9F24-5A5CAB38121D}\ProgID
IPropertyEditor.CCleanUpEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01925629-D370-4A52-9F24-5A5CAB38121D}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01925629-D370-4A52-9F24-5A5CAB38121D}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01925629-D370-4A52-9F24-5A5CAB38121D}
Clean Up Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CDriveEditor
Drive Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CDriveEditor\CLSID
{15F3BAD3-4A6D-4204-A267-6E5F6778740A}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15F3BAD3-4A6D-4204-A267-6E5F6778740A}\VersionIndependentProgID
IPropertyEditor.CDriveEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CDriveEditor.1
Drive Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CDriveEditor\CurVer
IPropertyEditor.CDriveEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CDriveEditor.1\CLSID
{15F3BAD3-4A6D-4204-A267-6E5F6778740A}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15F3BAD3-4A6D-4204-A267-6E5F6778740A}\ProgID
IPropertyEditor.CDriveEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15F3BAD3-4A6D-4204-A267-6E5F6778740A}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15F3BAD3-4A6D-4204-A267-6E5F6778740A}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15F3BAD3-4A6D-4204-A267-6E5F6778740A}
Drive Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CIdleEditor
Idle Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CIdleEditor\CLSID
{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}\VersionIndependentProgID
IPropertyEditor.CIdleEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CIdleEditor.1
Idle Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CIdleEditor\CurVer
IPropertyEditor.CIdleEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CIdleEditor.1\CLSID
{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}\ProgID
IPropertyEditor.CIdleEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CF6CED5-32C2-4B3A-9577-95F07DBF13AB}
Idle Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CBoolEditor
Bool Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CBoolEditor\CLSID
{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}\VersionIndependentProgID
IPropertyEditor.CBoolEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CBoolEditor.1
Bool Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CBoolEditor\CurVer
IPropertyEditor.CBoolEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CBoolEditor.1\CLSID
{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}\ProgID
IPropertyEditor.CBoolEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239476A7-D2AB-4FA0-ABD9-AB8D57FA5E29}
Bool Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditorCollection.CPropertyEditorCollection
PropertyEditorCollection
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditorCollection.CPropertyEditorCollection\CLSID
{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}\VersionIndependentProgID
IPropertyEditorCollection.CPropertyEditorCollection
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditorCollection.CPropertyEditorCollection.1
PropertyEditorCollection
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditorCollection.CPropertyEditorCollection\CurVer
IPropertyEditorCollection.CPropertyEditorCollection.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditorCollection.CPropertyEditorCollection.1\CLSID
{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}\ProgID
IPropertyEditorCollection.CPropertyEditorCollection.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE5F1D0-FE2A-43DD-80E8-4AB0496FC0BD}
PropertyEditorCollection
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSCTDiskProtectionEditor
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSCTDiskProtectionEditor\CLSID
{485B1A32-4243-45E7-9B3F-FF636DB34BC5}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{485B1A32-4243-45E7-9B3F-FF636DB34BC5}\VersionIndependentProgID
IPropertyEditor.CSCTDiskProtectionEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSCTDiskProtectionEditor.1
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSCTDiskProtectionEditor\CurVer
IPropertyEditor.CSCTDiskProtectionEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSCTDiskProtectionEditor.1\CLSID
{485B1A32-4243-45E7-9B3F-FF636DB34BC5}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{485B1A32-4243-45E7-9B3F-FF636DB34BC5}\ProgID
IPropertyEditor.CSCTDiskProtectionEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{485B1A32-4243-45E7-9B3F-FF636DB34BC5}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{485B1A32-4243-45E7-9B3F-FF636DB34BC5}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{485B1A32-4243-45E7-9B3F-FF636DB34BC5}
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShellObjEditor
Shell Objects Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShellObjEditor\CLSID
{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}\VersionIndependentProgID
IPropertyEditor.CShellObjEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShellObjEditor.1
Shell Objects Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShellObjEditor\CurVer
IPropertyEditor.CShellObjEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShellObjEditor.1\CLSID
{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}\ProgID
IPropertyEditor.CShellObjEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C828FA-8AAA-4CB6-BB6A-9322FFAB33CB}
Shell Objects Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextListEditor
Text List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextListEditor\CLSID
{59C45D37-0D38-4C13-B786-33A60153CB23}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59C45D37-0D38-4C13-B786-33A60153CB23}\VersionIndependentProgID
IPropertyEditor.CTextListEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextListEditor.1
Text List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextListEditor\CurVer
IPropertyEditor.CTextListEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextListEditor.1\CLSID
{59C45D37-0D38-4C13-B786-33A60153CB23}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59C45D37-0D38-4C13-B786-33A60153CB23}\ProgID
IPropertyEditor.CTextListEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59C45D37-0D38-4C13-B786-33A60153CB23}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59C45D37-0D38-4C13-B786-33A60153CB23}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59C45D37-0D38-4C13-B786-33A60153CB23}
Text List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSandboxEditor
Sandbox Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSandboxEditor\CLSID
{65AE42FE-495A-4BD4-BADF-989CC7BA512F}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65AE42FE-495A-4BD4-BADF-989CC7BA512F}\VersionIndependentProgID
IPropertyEditor.CSandboxEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSandboxEditor.1
Sandbox Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSandboxEditor\CurVer
IPropertyEditor.CSandboxEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CSandboxEditor.1\CLSID
{65AE42FE-495A-4BD4-BADF-989CC7BA512F}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65AE42FE-495A-4BD4-BADF-989CC7BA512F}\ProgID
IPropertyEditor.CSandboxEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65AE42FE-495A-4BD4-BADF-989CC7BA512F}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65AE42FE-495A-4BD4-BADF-989CC7BA512F}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65AE42FE-495A-4BD4-BADF-989CC7BA512F}
Sandbox Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrivAppEditor
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrivAppEditor\CLSID
{69464E92-BFCC-4120-A4BA-BD61DBAE8368}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69464E92-BFCC-4120-A4BA-BD61DBAE8368}\VersionIndependentProgID
IPropertyEditor.CPrivAppEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrivAppEditor.1
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrivAppEditor\CurVer
IPropertyEditor.CPrivAppEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrivAppEditor.1\CLSID
{69464E92-BFCC-4120-A4BA-BD61DBAE8368}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69464E92-BFCC-4120-A4BA-BD61DBAE8368}\ProgID
IPropertyEditor.CPrivAppEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69464E92-BFCC-4120-A4BA-BD61DBAE8368}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69464E92-BFCC-4120-A4BA-BD61DBAE8368}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69464E92-BFCC-4120-A4BA-BD61DBAE8368}
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextEditor
Text Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextEditor\CLSID
{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}\VersionIndependentProgID
IPropertyEditor.CTextEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextEditor.1
Text Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextEditor\CurVer
IPropertyEditor.CTextEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTextEditor.1\CLSID
{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}\ProgID
IPropertyEditor.CTextEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D38FDF-5BE2-4A66-ACDC-FACD7E8A5A99}
Text Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CListEditor
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CListEditor\CLSID
{A246393F-E201-440D-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A246393F-E201-440D-A4B8-F8B929D6A264}\VersionIndependentProgID
IPropertyEditor.CListEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CListEditor.1
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CListEditor\CurVer
IPropertyEditor.CListEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CListEditor.1\CLSID
{A246393F-E201-440D-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A246393F-E201-440D-A4B8-F8B929D6A264}\ProgID
IPropertyEditor.CListEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A246393F-E201-440D-A4B8-F8B929D6A264}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A246393F-E201-440D-A4B8-F8B929D6A264}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A246393F-E201-440D-A4B8-F8B929D6A264}
List Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CInstalledAppEditor
String Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CInstalledAppEditor\CLSID
{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}\VersionIndependentProgID
IPropertyEditor.CInstalledAppEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CInstalledAppEditor.1
String Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CInstalledAppEditor\CurVer
IPropertyEditor.CInstalledAppEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CInstalledAppEditor.1\CLSID
{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}\ProgID
IPropertyEditor.CInstalledAppEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}
String Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CLaunchEditor
Launch Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CLaunchEditor\CLSID
{CB8AAF59-2973-4B1F-8713-0EF1118EB674}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB8AAF59-2973-4B1F-8713-0EF1118EB674}\VersionIndependentProgID
IPropertyEditor.CLaunchEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CLaunchEditor.1
Launch Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CLaunchEditor\CurVer
IPropertyEditor.CLaunchEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CLaunchEditor.1\CLSID
{CB8AAF59-2973-4B1F-8713-0EF1118EB674}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB8AAF59-2973-4B1F-8713-0EF1118EB674}\ProgID
IPropertyEditor.CLaunchEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB8AAF59-2973-4B1F-8713-0EF1118EB674}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB8AAF59-2973-4B1F-8713-0EF1118EB674}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB8AAF59-2973-4B1F-8713-0EF1118EB674}
Launch Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CStringEditor
String Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CStringEditor\CLSID
{D765E3B7-BBC2-4457-B871-B684D2CF46C6}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D765E3B7-BBC2-4457-B871-B684D2CF46C6}\VersionIndependentProgID
IPropertyEditor.CStringEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CStringEditor.1
String Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CStringEditor\CurVer
IPropertyEditor.CStringEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CStringEditor.1\CLSID
{D765E3B7-BBC2-4457-B871-B684D2CF46C6}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D765E3B7-BBC2-4457-B871-B684D2CF46C6}\ProgID
IPropertyEditor.CStringEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D765E3B7-BBC2-4457-B871-B684D2CF46C6}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D765E3B7-BBC2-4457-B871-B684D2CF46C6}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D765E3B7-BBC2-4457-B871-B684D2CF46C6}
String Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTrustEditor
Trust Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTrustEditor\CLSID
{E578A0E7-F745-4692-8FCE-E343B39DF61E}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E578A0E7-F745-4692-8FCE-E343B39DF61E}\VersionIndependentProgID
IPropertyEditor.CTrustEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTrustEditor.1
Trust Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTrustEditor\CurVer
IPropertyEditor.CTrustEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CTrustEditor.1\CLSID
{E578A0E7-F745-4692-8FCE-E343B39DF61E}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E578A0E7-F745-4692-8FCE-E343B39DF61E}\ProgID
IPropertyEditor.CTrustEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E578A0E7-F745-4692-8FCE-E343B39DF61E}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E578A0E7-F745-4692-8FCE-E343B39DF61E}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E578A0E7-F745-4692-8FCE-E343B39DF61E}
Trust Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShutDownEditor
ShutDown Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShutDownEditor\CLSID
{E9C35942-90A4-45DD-BA35-77BFA3525548}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9C35942-90A4-45DD-BA35-77BFA3525548}\VersionIndependentProgID
IPropertyEditor.CShutDownEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShutDownEditor.1
ShutDown Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShutDownEditor\CurVer
IPropertyEditor.CShutDownEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CShutDownEditor.1\CLSID
{E9C35942-90A4-45DD-BA35-77BFA3525548}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9C35942-90A4-45DD-BA35-77BFA3525548}\ProgID
IPropertyEditor.CShutDownEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9C35942-90A4-45DD-BA35-77BFA3525548}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9C35942-90A4-45DD-BA35-77BFA3525548}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9C35942-90A4-45DD-BA35-77BFA3525548}
ShutDown Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrinterEditor
Printer Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrinterEditor\CLSID
{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}\VersionIndependentProgID
IPropertyEditor.CPrinterEditor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrinterEditor.1
Printer Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrinterEditor\CurVer
IPropertyEditor.CPrinterEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IPropertyEditor.CPrinterEditor.1\CLSID
{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}\ProgID
IPropertyEditor.CPrinterEditor.1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}\InprocServer32
C:\Program Files\Fortres Grand\PropEdit6.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}\InprocServer32
ThreadingModel
Both
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEDC7FD0-E97D-4DFB-BBFD-8F021E9C76E9}
Printer Editor
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BA9B2966-2AA0-4F6C-9B3C-F999E3492D10}
LocalService
FSRT
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSRT\Snapins
F10110
C:\Program Files\Fortres Grand\Fortres 101 10\F101rt.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
F101Tray
"C:\Program Files\Fortres Grand\Fortres 101 10\F101Tray.exe"
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
FSRT
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\fsrtu.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSI\Snapins
F10110
C:\Program Files\Fortres Grand\Fortres 101 10\F101ui.dll
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Fortres 101
Path
C:\Program Files\Fortres Grand\Fortres 101 10\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres 101 6.5
CurVerFile
f101v7.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres 101 6.5
DisplayName
Fortres 101 10
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres 101 6.5
Path
C:\Program Files\Fortres Grand\Fortres 101 10\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres 101 6.5
RemPath
updates/f101/ver7
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
DependOnService
FltMgr
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
Description
Fortres 101 File System Mini-Filter Driver
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
DisplayName
f101fs
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
ErrorControl
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
Group
FSFilter Security Enhancer
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
ImagePath
system32\drivers\f101fs.sys
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
Start
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
Tag
2
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs
Type
2
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs\Instances
DefaultInstance
F101
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs\Instances\F101
Altitude
81300
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\f101fs\Instances\F101
Flags
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FGCF101KB
Description
FGC Keyboard Filter Driver
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FGCF101KB
DisplayName
FGCF101KB
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FGCF101KB
ErrorControl
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FGCF101KB
Start
3
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FGCF101KB
Type
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
UpperFilters
FGCF101KB
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
2
{239476A7-D2AB-4fa0-ABD9-AB8D57FA5E29}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
6
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
7
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
8
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
9
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
16
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
18
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
4
{D765E3B7-BBC2-4457-B871-B684D2CF46C6}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
5
{77D38FDF-5BE2-4a66-ACDC-FACD7E8A5A99}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
12
{15F3BAD3-4A6D-4204-A267-6E5F6778740A}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
17
{15F3BAD3-4A6D-4204-A267-6E5F6778740A}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
10
{69464E92-BFCC-4120-A4BA-BD61DBAE8368}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
3
{E9C35942-90A4-45dd-BA35-77BFA3525548}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
14
{FEDC7FD0-E97D-4dfb-BBFD-8F021E9C76E9}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
11
{C5FD2F26-FFF1-4129-A7E0-A5E84CD495F0}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
15
{55C828FA-8AAA-4cb6-BB6A-9322FFAB33CB}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
19
{01925629-D370-4a52-9F24-5A5CAB38121D}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
22
{E578A0E7-F745-4692-8FCE-E343B39DF61E}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
20
{65AE42FE-495A-4bd4-BADF-989CC7BA512F}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
21
{CB8AAF59-2973-4b1f-8713-0EF1118EB674}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
24
{CB8AAF59-2973-4b1f-8713-0EF1118EB674}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
23
{485B1A32-4243-45e7-9B3F-FF636DB34BC5}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
25
{59C45D37-0D38-4c13-B786-33A60153CB23}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
26
{1CF6CED5-32C2-4b3a-9577-95F07DBF13AB}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\PropEdit6
27
{A246393F-E201-440d-A4B8-F8B929D6A264}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FGCUpdStub.EXE
C:\Program Files\Fortres Grand\FGCUpdStub.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSRT
SharedObjectsPath
C:\Program Files\Fortres Grand\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSRT
Path
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSRT
StorageType
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSRT
StorageInfo
Enter server name or IP address
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager
Path
C:\Program Files\Fortres Grand\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\FGC Shared Objects
CurVerFile
FGCShared.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\FGC Shared Objects
DisplayName
FGC Shared Objects
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\FGC Shared Objects
Path
C:\Program Files\Fortres Grand\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\FGC Shared Objects
RemPath
updates/FGCShared/ver61
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Runtime 6.0
CurVerFile
FSRTv7.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Runtime 6.0
DisplayName
Fortres Security Runtime 6.0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Runtime 6.0
Path
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Runtime 6.0
RemPath
updates/FSRT/ver61
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\FSRT
Service
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\FSRT
EventMessageFile
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\FSRT
TypesSupported
7
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\FSI
Path
C:\Program Files\Fortres Grand\Fortres Security Interface\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FSI.EXE
C:\Program Files\Fortres Grand\Fortres Security Interface\FSI.exe
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Interface 6.0
CurVerFile
fsi6.adu
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Interface 6.0
DisplayName
Fortres Security Interface 6.0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Interface 6.0
Path
C:\Program Files\Fortres Grand\Fortres Security Interface\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Update Manager\Fortres Security Interface 6.0
RemPath
updates/FSI/ver7
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
LocalPackage
C:\Windows\Installer\13ca2c.msi
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
AuthorizedCDFPrefix
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Comments
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Contact
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
DisplayVersion
8.0.0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
HelpLink
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
HelpTelephone
800-331-0372
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
InstallDate
20190423
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
InstallLocation
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
InstallSource
C:\Users\admin\AppData\Local\Temp\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
ModifyPath
MsiExec.exe /X{0258A16C-6117-4234-8FCD-9B2BB30FD013}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
NoModify
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Publisher
Fortres Grand
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Readme
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Size
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
EstimatedSize
14840
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
UninstallString
MsiExec.exe /X{0258A16C-6117-4234-8FCD-9B2BB30FD013}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
URLInfoAbout
http://www.fortresgrand.com
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
URLUpdateInfo
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
VersionMajor
8
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
VersionMinor
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
WindowsInstaller
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Version
134217728
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
Language
1033
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
AuthorizedCDFPrefix
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Comments
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Contact
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
DisplayVersion
8.0.0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
HelpLink
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
HelpTelephone
800-331-0372
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
InstallDate
20190423
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
InstallLocation
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
InstallSource
C:\Users\admin\AppData\Local\Temp\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
ModifyPath
MsiExec.exe /X{0258A16C-6117-4234-8FCD-9B2BB30FD013}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
NoModify
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Publisher
Fortres Grand
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Readme
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Size
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
EstimatedSize
14840
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
UninstallString
MsiExec.exe /X{0258A16C-6117-4234-8FCD-9B2BB30FD013}
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
URLInfoAbout
http://www.fortresgrand.com
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
URLUpdateInfo
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
VersionMajor
8
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
VersionMinor
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
WindowsInstaller
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Version
134217728
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
Language
1033
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1877CCABB9984D248A5AB9195EF89555
C61A852071164324F8DCB9B23BF00D31
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\InstallProperties
DisplayName
Fortres 101 Version 10
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0258A16C-6117-4234-8FCD-9B2BB30FD013}
DisplayName
Fortres 101 Version 10
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\C61A852071164324F8DCB9B23BF00D31
ProductFeature
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\Features
ProductFeature
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{0258A16C-6117-4234-8FCD-9B2BB30FD013}\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C61A852071164324F8DCB9B23BF00D31\Patches
AllPatches
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
ProductName
Fortres 101 Version 10
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
PackageCode
0FD51EFA119F91D429D628D5E2F35597
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
Language
1033
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
Version
134217728
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
Assignment
1
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
AdvertiseFlags
388
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
ProductIcon
C:\Windows\Installer\{0258A16C-6117-4234-8FCD-9B2BB30FD013}\fortres.ico
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
InstanceType
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
AuthorizedLUAApp
0
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
DeploymentFlags
3
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1877CCABB9984D248A5AB9195EF89555
C61A852071164324F8DCB9B23BF00D31
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31\SourceList
PackageName
f101v10.msi
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31\SourceList\Net
1
C:\Users\admin\AppData\Local\Temp\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31\SourceList\Media
1
;
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31
Clients
:
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C61A852071164324F8DCB9B23BF00D31\SourceList
LastUsedSource
n;1;C:\Users\admin\AppData\Local\Temp\
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
99
3680
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
NestingLevel
0
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW_KTM (Leave)
40000000000000009E9E8EE91AFAD401640B000050070000F4030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Enter)
40000000000000009E9E8EE91AFAD401640B000050070000F2030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Enter)
4000000000000000526393E91AFAD401640B0000BC0F0000F2030000010000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Enter)
4000000000000000526393E91AFAD401640B0000D00F0000F2030000010000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000526393E91AFAD401640B0000A0080000FC030000000000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
THAW (Leave)
4000000000000000526393E91AFAD401640B0000BC0F0000F2030000000000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000526393E91AFAD401640B0000B8080000FC030000000000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000526393E91AFAD401640B0000BC0F000004000000010000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Enter)
4000000000000000526393E91AFAD401640B0000C40F0000F2030000010000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
THAW (Leave)
4000000000000000526393E91AFAD401640B0000D00F0000F2030000000000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BKGND_FREEZE_THREAD (Leave)
4000000000000000526393E91AFAD401640B00005C0A0000FC030000000000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000526393E91AFAD401640B0000D00F000004000000010000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
THAW (Leave)
4000000000000000526393E91AFAD401640B0000C40F0000F2030000000000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)
4000000000000000526393E91AFAD401640B0000C40F000004000000010000000300000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
THAW (Leave)
4000000000000000526393E91AFAD401640B000050070000F2030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Enter)
4000000000000000526393E91AFAD401640B00005007000006040000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_PREFINALCOMMIT (Leave)
4000000000000000C29BCCE91AFAD401640B00005007000006040000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Enter)
4000000000000000C29BCCE91AFAD401640B000050070000F5030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Enter)
400000000000000092AEDFE91AFAD401640B0000C80F0000F5030000010000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Enter)
400000000000000092AEDFE91AFAD401640B0000DC0F0000F5030000010000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Enter)
400000000000000092AEDFE91AFAD401640B0000BC0F0000F5030000010000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
POSTSNAPSHOT (Leave)
400000000000000092AEDFE91AFAD401640B0000DC0F0000F5030000000000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
400000000000000092AEDFE91AFAD401640B0000DC0F000005000000010000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
POSTSNAPSHOT (Leave)
400000000000000092AEDFE91AFAD401640B0000C80F0000F5030000000000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000EC10E2E91AFAD401640B0000C80F000005000000010000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
POSTSNAPSHOT (Leave)
4000000000000000F07E92EA1AFAD401640B0000BC0F0000F5030000000000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)
4000000000000000F07E92EA1AFAD401640B0000BC0F000005000000010000000400000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
POSTSNAPSHOT (Leave)
4000000000000000F07E92EA1AFAD401640B000050070000F5030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Enter)
4000000000000000F07E92EA1AFAD401640B00005007000007040000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
PROVIDER_POSTFINALCOMMIT (Leave)
4000000000000000CEB8ACEA1AFAD401640B00005007000007040000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Enter)
4000000000000000EA06BBEA1AFAD401640B000050070000FB030000010000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Enter)
40000000000000004469BDEA1AFAD401640B0000CC0F0000FB030000010000000500000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
BACKUPSHUTDOWN (Leave)
40000000000000004469BDEA1AFAD401640B0000CC0F0000FB030000000000000500000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Enter)
40000000000000004469BDEA1AFAD401640B0000D00F0000FB030000010000000500000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Enter)
40000000000000004469BDEA1AFAD401640B0000C80F0000FB030000010000000500000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
BACKUPSHUTDOWN (Leave)
40000000000000004469BDEA1AFAD401640B0000D00F0000FB030000000000000500000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
BACKUPSHUTDOWN (Leave)
40000000000000004469BDEA1AFAD401640B0000C80F0000FB030000000000000500000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
2916
vssvc.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
BACKUPSHUTDOWN (Leave)
40000000000000004469BDEA1AFAD401640B000050070000FB030000000000000000000000000000B285B4A8B34B7A42B6077B62CB62F21F0000000000000000
3660
DrvInst.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2544
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Fortres Grand
InstallInProgress
1
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\Windows\system32\SMChk.exe,C:\Windows\system32\userinit.exe,
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\Program Files\Fortres Grand\Fortres 101 10\Fortres.exe,C:\Windows\system32\SMChk.exe,C:\Windows\system32\userinit.exe,
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF0030E2-E7B4-43A0-B679-682F4538947B}
C898808BF7E72755C898808BB3B774058FABD5DBDAD0150D9EAFD1B9A5CA6563FFC8B2BEA0A90A17FAABD9CCA7D17278FDC9D5C7CFAC7D07C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BF7E72755C898808BB74A1EB66589558AF7E72755C898808BF7E7275588B55561ED1DF354C898808BF7E72755C898808BA5B3271FCC37808BF1E72755C898808BF7E72755C898808BF7E72755BC8C6A22055B3268D748E609
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASAPI32
EnableFileTracing
0
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASAPI32
EnableConsoleTracing
0
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASAPI32
FileTracingMask
4294901760
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASAPI32
ConsoleTracingMask
4294901760
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASAPI32
MaxFileSize
1048576
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASAPI32
FileDirectory
%windir%\tracing
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASMANCS
EnableFileTracing
0
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASMANCS
EnableConsoleTracing
0
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASMANCS
FileTracingMask
4294901760
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASMANCS
ConsoleTracingMask
4294901760
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASMANCS
MaxFileSize
1048576
2544
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MsiExec_RASMANCS
FileDirectory
%windir%\tracing
2544
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2544
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2544
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2544
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2544
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3240
FSRT.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49C68154-EF9B-41b7-B2A7-D0570983A20A}
FBFE8B8245D38E43BF29368BB8E7FC62
3240
FSRT.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Fortres 101
Active
1
3240
FSRT.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Fortres Grand\Fortres 101
Active
0

Files activity

Executable files
29
Suspicious files
18
Text files
76
Unknown types
0

Dropped files

PID
Process
Filename
Type
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Interface\cc6eng.dll
executable
MD5: c27283c48a2326a2a506f355d100ebde
SHA256: 5ecb79b1927031b8a936769f5582113a72d744104f7329b8e6121ed044ea7462
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\fsrtu.exe
executable
MD5: 8ced20e95dde8c925507a2142b7a8678
SHA256: 5f9e02c951f19908921bdc0e232057c8f2a4d90b3e105e54f8ba98471412326c
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\F101ui.dll
executable
MD5: ee28cb1b55e5af9d3e4ba55143f6c279
SHA256: ae0c6598a645075091cd67bbabca5584e102870e2ea6cf5026ae762227b02706
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.exe
executable
MD5: b4e21a9d56edfd332a48a6fdaf0dfd06
SHA256: 3e0d2fc33d5ef6738e3c36fc7c68d8183f2dc5e9debb642793e87fbd6f9013f5
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGActWiz.dll
executable
MD5: a003eb043b22c7b657cbd06a73b1a8f1
SHA256: b81708f77c29f919c1584ac1e5a89700c56fa15ff167c7d59f85a1b41e9d0d77
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\Launcher.exe
executable
MD5: d37f17531d73a10eac0c6557e4aa209b
SHA256: 8fdcf6331699a3ace17ee7c9a86833587aebdbb41258946148c8cdd5d54efb2d
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\F101rt.dll
executable
MD5: 92d442cd3219b64cca01639737d8f05a
SHA256: b29769d0e59b2c92579a82f169767a518052c27cf8a0ad9ba375addd326c5010
3680
msiexec.exe
C:\Program Files\Fortres Grand\PropEdit6.dll
executable
MD5: 7f0367b9d1bb0ca75cfe8416a01926a5
SHA256: c079bd55741ef5d67689189022a4ef96a6f7471fda8e92347ee0af6f633b8040
3680
msiexec.exe
C:\Windows\system32\Drivers\f101fs.sys
executable
MD5: ac4bdd085f89204e1f1f601655399db7
SHA256: 1b6f40fcd91731565e1c7fb3b21e7f33713fd5911bbaa6f6d75267129e67e8c3
3680
msiexec.exe
C:\Windows\system32\SMChk.exe
executable
MD5: ec37d958ce4bd72d7e4ac8edec230217
SHA256: 6686020de0a616e3e1071ffd27ef48d9f72efcd2e5498b3915313da43735d648
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Interface\FSI.exe
executable
MD5: 8206dedc51458d17830517d4b60be6f9
SHA256: 849d76d3acf47d2774d3e8a9babc79c0c6e96715dedb672d2235358df22ec076
3680
msiexec.exe
C:\Windows\Installer\MSID243.tmp
executable
MD5: 0348476cddb15c32d62405923643d06f
SHA256: 19f20053d500ace8d99ec519dbe61c9912cd6e454389716444bb8e063f9c77b8
3680
msiexec.exe
C:\Windows\system32\Drivers\fgcf101kb.sys
executable
MD5: f81889ee13d12276d11b4290a1b87e87
SHA256: 593f419f5b44314642d88d1c0074ccf3130e698acba5d111b6fec19f229e3109
3680
msiexec.exe
C:\Windows\Installer\MSIDD32.tmp
executable
MD5: 316d306a0400b8c26a276ddc64d01e4e
SHA256: ef6bf41d47ea80c903a1f922f77560bb0dae5eb2aa1c4a8074a933c971d92bfa
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGAttr6.dll
executable
MD5: 2b3e87cfce41172ebada4ed7857ce3ce
SHA256: 6823042d032311c6855f5fc8abc262615a51d35dbdf73d4b1dfa3b1365909e04
3680
msiexec.exe
C:\Windows\Installer\MSID186.tmp
executable
MD5: 316d306a0400b8c26a276ddc64d01e4e
SHA256: ef6bf41d47ea80c903a1f922f77560bb0dae5eb2aa1c4a8074a933c971d92bfa
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGClient.dll
executable
MD5: f98f5c1b8b89c20db31d4322abe1a2d5
SHA256: c9fd9c72da837fea6d21441a0c80a8a6a27f99856ffad2366fef05234992a90c
3680
msiexec.exe
C:\Windows\Installer\MSIE2A2.tmp
executable
MD5: 316d306a0400b8c26a276ddc64d01e4e
SHA256: ef6bf41d47ea80c903a1f922f77560bb0dae5eb2aa1c4a8074a933c971d92bfa
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGCUpdStub.exe
executable
MD5: 8a6a0455a26a66c2fb3d5495159ffc96
SHA256: bd6bd8d650f89ce71e0dc62ff51f909ffa9c2d57a1e562cebf0a1a8adbc85b00
3680
msiexec.exe
C:\Windows\Installer\MSICED1.tmp
executable
MD5: 316d306a0400b8c26a276ddc64d01e4e
SHA256: ef6bf41d47ea80c903a1f922f77560bb0dae5eb2aa1c4a8074a933c971d92bfa
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGCUPDMGR.DLL
executable
MD5: 1863c80444ffead357a8f705f49e29ed
SHA256: 36dc86977012a64147af72406815fefa5292e881a5c29da42528f38307e0b33e
3680
msiexec.exe
C:\Windows\Installer\MSIE310.tmp
executable
MD5: 316d306a0400b8c26a276ddc64d01e4e
SHA256: ef6bf41d47ea80c903a1f922f77560bb0dae5eb2aa1c4a8074a933c971d92bfa
3680
msiexec.exe
C:\Windows\system32\Fortresd.dll
executable
MD5: 5ffacf9871d2039d57d2670ab75b8903
SHA256: 8a88972e0f44e66d61cc9e3c9833d56dbdc2336aa8213aaedbb2de911bce8f36
3680
msiexec.exe
C:\Windows\Installer\MSICCAC.tmp
executable
MD5: 0348476cddb15c32d62405923643d06f
SHA256: 19f20053d500ace8d99ec519dbe61c9912cd6e454389716444bb8e063f9c77b8
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGRchStr.dll
executable
MD5: f5846c3d4983915c0e244642047ce1ac
SHA256: f27ddbbf165cfb97b6c2e2cbb6996c8352c2a4ea19522c5499a7a940e6b1abc2
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\flogo.exe
executable
MD5: 8a74d07a403ff1024b0fc5809c933a95
SHA256: 9f7f8dc16bfb87ef376da0b005888c4d1bbed8c580088d8263614034241d5dba
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGPriv.dll
executable
MD5: 024d01b4aaa2e1b9c9a6dc0b46f4d2a9
SHA256: 10f3797ffb741197af54a39e7c66d82dec9d69dc2c4c447193e698422474be86
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\Fortres.exe
executable
MD5: 3372574ed3679135281bf7a67572f7ab
SHA256: c5e5e642e6d2c3a7692caa1e03f493a2db09f8fbf750edaf6d0ef60d9e773959
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\F101Tray.exe
executable
MD5: 24c43f63a2ffeaf5f4305f2ce4df1118
SHA256: 0141754f3f4c544971ea52a3923f36b090eb8b048f1bb86519584f8a3f34e987
3680
msiexec.exe
C:\Windows\Installer\13ca2a.ipi
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRTv7.adu
binary
MD5: 080572238d8bddf109badac3652d1285
SHA256: 4ca4e3ea6e8eeb0441d51caa141be85beb1818dc22d09272269353d1d132f522
3680
msiexec.exe
C:\Config.Msi\13ca2b.rbs
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\13ca2c.msi
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Interface\fsi6.adu
binary
MD5: 890855ce59064683f19e72227a88f56a
SHA256: e3be8a5d34c1dd02e7a69fa70ba904945ebb3ae9924d8701821412823d143f00
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\f101v7.adu
binary
MD5: 5eac52f6102e419248cfbb5c477ed89b
SHA256: 372e6b223a19bfc477bd64c99807c1b96821006eb4f45ea6d414467a60a254ce
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\f101v7.adb
binary
MD5: 75c1f66ced362bf51f77efa851f5e94c
SHA256: c83e7d76165bd8342f405141e6961e2b663de5f489b929b799090175d2fc8d3f
3240
FSRT.exe
C:\ProgramData\Fortres Grand\Fortres 101 10\ipdb-journal
––
MD5:  ––
SHA256:  ––
3240
FSRT.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\repl\userlist.fdb-journal
––
MD5:  ––
SHA256:  ––
3240
FSRT.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\settings\userlist.fdb-journal
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\{0258A16C-6117-4234-8FCD-9B2BB30FD013}\fortres.ico
image
MD5: 87287fb4178c3b38d5f1866c68c7c629
SHA256: 8dbf0a32f464bc2c6209fb0a7aa027cb6e345db7c02f0ad20b85e7b35dcc8e15
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres 101 10\f101.chm
––
MD5:  ––
SHA256:  ––
2792
f101v10b5836.exe
C:\Users\admin\AppData\Local\Temp\f101v10.msi
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\Settings\appmgr.default
binary
MD5: b111b34c0a98ecb295d06c5bc2404cd8
SHA256: b75b25407f36c4ee56926441336497f4a979e9bc1a1adaaeac8f24a0d9d70c94
3680
msiexec.exe
C:\Windows\Installer\MSID04B.tmp
binary
MD5: 725e92266e6c3216d2b027d35f88c0cc
SHA256: 398c40f680025f33c29697869ad0362a3e3223b1d6ea659974cba0f0df5511fb
2544
MsiExec.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\Activate[1].asp
html
MD5: 64e5817c4a6d85c34ed49193b2e171f3
SHA256: 1bd1d0ac48c7070f126276cfda3a19d984303a3579c0dc93f8c9967e3ddde26d
3680
msiexec.exe
C:\Windows\Installer\MSID7D2.tmp
––
MD5:  ––
SHA256:  ––
2916
vssvc.exe
C:
––
MD5:  ––
SHA256:  ––
3240
FSRT.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\settings\appmgr.ad
binary
MD5: 3a0c599467aca78658a378fb1c922d55
SHA256: 48e681ce103dbdf4ceadf5256ef4d2ec31414f28ba214eecc2a0939d8150e039
3680
msiexec.exe
C:\Windows\Installer\MSID0CA.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\MSID07A.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\MSICFDC.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\MSICF6E.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Program Files\Fortres Grand\FGCShared.adu
binary
MD5: 9c1a0eca1dc83846ab5fe48e73587b05
SHA256: 14de183285a3c48e70a9c76eb92e39ac435bd698bcc3cac5a502772f32ae2319
3680
msiexec.exe
C:\Windows\Installer\13ca2a.ipi
binary
MD5: 082664347870283686a8d18bcb26c82e
SHA256: 0c54235ea60dae944d2c64c714b776c9982c36041b1972c7cb4ddcb85df84797
3680
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF0C3B32D3BD974A8B.TMP
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\MSICD87.tmp
––
MD5:  ––
SHA256:  ––
3240
FSRT.exe
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\settings\appmgr.ad
binary
MD5: 65de2fd1a068e17355dfcd0748f77196
SHA256: 7f06c75e9a7cc60cfbda0e2e5049069a371eaeb90518bcbb28e3e5e9c194defe
3680
msiexec.exe
C:\Users\admin\AppData\Local\Temp\TarCB63.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Users\admin\AppData\Local\Temp\CabCB62.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Windows\Installer\13ca29.msi
––
MD5:  ––
SHA256:  ––
3660
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
text
MD5: b081022745e0cebf6e45c833eaf788e7
SHA256: a6cfa792f0d29a80a78de0852c7dd878f354dcddbffffeb3036dd321c32f5727
3660
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 1568bdc7ec023685906d6f61ad3fdae8
SHA256: d7dc401fd4a5a1ff786672e139e994bb3d50ec36963d522d418509f0a0c73e92
3660
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: b19894505513de5589d3ea1b55b87d31
SHA256: 031d08e8d377eef606850e7ce99594f8f8f6b16744da680dcd315af6fe06d68a
3660
DrvInst.exe
C:\Windows\INF\setupapi.dev.log
ini
MD5: 44f4d868f98424f56bff7dee5bbf28be
SHA256: 318f2025d3faad0a4bc9faa80c06c1fb1a30d8e02087a84d57a42fc5a36104cf
3660
DrvInst.exe
C:\Windows\INF\setupapi.ev1
binary
MD5: 7348610bbd7ae1dc84a8971238abe42a
SHA256: aafa7deef5af2aee2f657be5d1c4547c00a15044ef08b9e85dddf77927c6180a
3660
DrvInst.exe
C:\Windows\INF\setupapi.ev3
binary
MD5: 76dcc60f78b3dff1ae3627619074f465
SHA256: 18541ac1875315c4f9eff75050c574faff83717c029dae6b366f9c6c3f0c19e0
3680
msiexec.exe
C:\System Volume Information\SPP\metadata-2
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\System Volume Information\SPP\snapshot-2
binary
MD5: 3c236c6752cdf0fb25376fb9deba9ffd
SHA256: 0c5d64c22435ef5c14ea528657ebe1406ec15c5794a753ffa6241f93bc3467a8
3680
msiexec.exe
C:\System Volume Information\SPP\OnlineMetadataCache\{a8b485b2-4bb3-427a-b607-7b62cb62f21f}_OnDiskSnapshotProp
binary
MD5: 3c236c6752cdf0fb25376fb9deba9ffd
SHA256: 0c5d64c22435ef5c14ea528657ebe1406ec15c5794a753ffa6241f93bc3467a8
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\MSI5F13.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 6a2cf918775dc7ae4123486904fd4e33
SHA256: 5b97a72f393e416dc2569dc44688608cb0198f12b1631b0763408c21e58ef9da
3488
MSIEXEC.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: be29ef7470cd245bd74d236d92f6a179
SHA256: f878be40bcf935424fe4ed72a8d9ea0ea26980d81f308924db1c5345b746eb2f
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Tar2ECB.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Cab2ECA.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 04d79a0dc77a8f449cbff6252862d398
SHA256: 4c9c4d831d61c8c38b2513f9b431ef4f4cf6af9fb18a2317cd2178d6e0997822
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Tar2E3C.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Tar2E2B.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Cab2E3B.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Cab2E2A.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Tar2E19.tmp
––
MD5:  ––
SHA256:  ––
3488
MSIEXEC.EXE
C:\Users\admin\AppData\Local\Temp\Cab2E18.tmp
––
MD5:  ––
SHA256:  ––
3680
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DFDE7FC55297B1B53B.TMP
––
MD5:  ––
SHA256:  ––

Network activity

HTTP(S) requests
1
TCP/UDP connections
2
DNS requests
2
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3488 MSIEXEC.EXE GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted

Connections

PID Process IP ASN CN Reputation
3488 MSIEXEC.EXE 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2544 MsiExec.exe 168.62.48.183:443 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
www.download.windowsupdate.com 93.184.221.240 whitelisted
www.fortresgrand.com 168.62.48.183 unknown

Threats

No threats detected.

Debug output strings

Process Message
f101v10b5836.exe