Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RequestFeeEstimateApp.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {58DACE45-1C39-4451-931D-0E84B499215B}, Title: Request for Fee Estimate Application, Subject:
The Public Trustee provides estimates of its fund management fees to firms or organisations representing claimants in Court
proceedings where damages may be awarded as a result of injury or disablement. The Request for Fee Estimate Application may
be used by firms or organisations to request fee estimates from the Public Trustee., Author: The Public Trustee of Queensland,
Comments: The Public Trustee provides estimates of its fund management fees to firms or organisations representing claimants
in Court proceedings where damages may be awarded as a result of injury or disablement. The Request for Fee Estimate Application
may be used by firms or organisations to request fee estimates from the Public Trustee., Number of Words: 2, Last Saved Time/Date:
Mon Jul 9 02:53:09 2018, Last Printed: Mon Jul 9 02:53:09 2018
|
initial sample
|
||
|
C:\Config.Msi\5a852a.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\The Public Trustee of Queensland\Request for Fee Estimate Application\PTQ_Seal.ico
|
MS Windows icon resource - 9 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\The Public Trustee of Queensland\Request for Fee Estimate Application\RequestFeeEstimateApp.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\The Public Trustee of Queensland\Request for Fee Estimate Application\RequestFeeEstimateApp.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Request for Fee Estimate Application.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52
1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\System Volume Information\SPP\OnlineMetadataCache\{fe7b918d-19da-4ca8-93fe-5495b57b5003}_OnDiskSnapshotProp
|
data
|
dropped
|
||
|
C:\System Volume Information\SPP\metadata-2
|
SysEx File - Twister
|
dropped
|
||
|
C:\System Volume Information\SPP\snapshot-2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CFGCCF0.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CFGFDEF.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8AD3.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIA016.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF91053F43BDA8E722.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFA3758A8D517DBC85.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFA8CE440D36CE0491.TMP
|
data
|
dropped
|
||
|
C:\Users\Public\Desktop\Request for Fee Estimate Application.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52
1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\Windows\Installer\5a8528.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {58DACE45-1C39-4451-931D-0E84B499215B}, Title: Request for Fee Estimate Application, Subject:
The Public Trustee provides estimates of its fund management fees to firms or organisations representing claimants in Court
proceedings where damages may be awarded as a result of injury or disablement. The Request for Fee Estimate Application may
be used by firms or organisations to request fee estimates from the Public Trustee., Author: The Public Trustee of Queensland,
Comments: The Public Trustee provides estimates of its fund management fees to firms or organisations representing claimants
in Court proceedings where damages may be awarded as a result of injury or disablement. The Request for Fee Estimate Application
may be used by firms or organisations to request fee estimates from the Public Trustee., Number of Words: 2, Last Saved Time/Date:
Mon Jul 9 02:53:09 2018, Last Printed: Mon Jul 9 02:53:09 2018
|
dropped
|
||
|
C:\Windows\Installer\5a8529.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\5a852b.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {58DACE45-1C39-4451-931D-0E84B499215B}, Title: Request for Fee Estimate Application, Subject:
The Public Trustee provides estimates of its fund management fees to firms or organisations representing claimants in Court
proceedings where damages may be awarded as a result of injury or disablement. The Request for Fee Estimate Application may
be used by firms or organisations to request fee estimates from the Public Trustee., Author: The Public Trustee of Queensland,
Comments: The Public Trustee provides estimates of its fund management fees to firms or organisations representing claimants
in Court proceedings where damages may be awarded as a result of injury or disablement. The Request for Fee Estimate Application
may be used by firms or organisations to request fee estimates from the Public Trustee., Number of Words: 2, Last Saved Time/Date:
Mon Jul 9 02:53:09 2018, Last Printed: Mon Jul 9 02:53:09 2018
|
dropped
|
||
|
C:\Windows\Installer\MSI31BD.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI44DE.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7012.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}\_853F67D554F05449430E7E.exe
|
MS Windows icon resource - 9 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Windows\Installer\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}\_A85671EAB9534020145BAD.exe
|
MS Windows icon resource - 9 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Windows\Installer\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}\_FC1595DE29501BE620D66A.exe
|
MS Windows icon resource - 9 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\RequestFeeEstimateApp.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 15D085CEE9AA24273C52817D86F1DFDC C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding E19954DDDCA32EB259172C345C0E3285
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.pt.qld.gov.au/media/1094/guide-for-financial-management-clients.pdf
|
unknown
|
||
|
https://www.pt.qld.gov.au/fee-estimates
|
unknown
|
||
|
https://www.pt.qld.gov.au/fee-estimates/#protection
|
unknown
|
||
|
http://www.pt.qld.gov.au
|
unknown
|
||
|
http://www.pt.qld.gov.au/
|
unknown
|
||
|
http://www.pt.qld.gov.au/site-footer/privacy/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
DOSNAPSHOT (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
DOSNAPSHOT (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5a852a.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5a852a.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC1B72DB9C12D0D1D643F8E46140FD96
|
3BFFB7D939EB18B48BF0A688002173BB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DF568085E21FD4FDB12744A357A747E
|
3BFFB7D939EB18B48BF0A688002173BB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DA306FAAB786356C84A125B715E186E
|
3BFFB7D939EB18B48BF0A688002173BB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\The Public Trustee of Queensland\Request for Fee Estimate Application\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\The Public Trustee of Queensland\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\10CA0E527660A3242AA359CFE9F8D8B1
|
3BFFB7D939EB18B48BF0A688002173BB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D7BFFB3-BE93-4B81-B80F-6A88001237BB}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|The Public Trustee of Queensland|Request for
Fee Estimate Application|RequestFeeEstimateApp.exe
|
RequestFeeEstimateApp,Version="1.0.0.21376",Culture="neutral",ProcessorArchitecture="MSIL"
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\3BFFB7D939EB18B48BF0A688002173BB
|
DefaultFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\Features
|
DefaultFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3BFFB7D939EB18B48BF0A688002173BB\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\10CA0E527660A3242AA359CFE9F8D8B1
|
3BFFB7D939EB18B48BF0A688002173BB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3BFFB7D939EB18B48BF0A688002173BB\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
There are 102 hidden registries, click here to show them.