Forum Discussion
Defender for Identity sensor install failed. error code 0x80070643
Deploying Defender for Identity Sensors on 3 Domain Controllers, DC1 (server 2012R2) - success, DC2 (server 2019) - success, DC3 (server 2012R2) - failed error code 0x80070643. Any guidance would be...
EliOfek
Microsoft
MicrosoftThe root cause should be in one of the other logs mentioned here:
https://learn.microsoft.com/en-us/defender-for-identity/troubleshooting-using-logs#defender-for-identity-deployment-logs
https://learn.microsoft.com/en-us/defender-for-identity/troubleshooting-using-logs#defender-for-identity-deployment-logs
- Eli, thank you for your response, additional logs below:
Azure Advanced Threat Protection Sensor_20230924174403
[1204:1260][2023-09-24T17:44:03]i001: Burn v3.11.2.4516, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Windows\Temp\{6C488131-3836-42FC-8CD9-73645EC88656}\.cr\Azure ATP Sensor Setup.exe
[1204:1260][2023-09-24T17:44:03]i000: Initializing hidden variable 'AccessKey'
[1204:1260][2023-09-24T17:44:03]i000: Initializing hidden variable 'ProxyConfiguration'
[1204:1260][2023-09-24T17:44:03]i000: Initializing hidden variable 'ProxyUserPassword'
[1204:1260][2023-09-24T17:44:03]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
[1204:1260][2023-09-24T17:44:03]i009: Command Line: '"-burn.clean.room=C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe" -burn.filehandle.attached=396 -burn.filehandle.self=400'
[1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe'
[1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\oscar\Downloads\Azure ATP Sensor Setup\'
[1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403.log'
[1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleName' to value 'Azure Advanced Threat Protection Sensor'
[1204:1260][2023-09-24T17:44:03]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'
[1204:1260][2023-09-24T17:44:03]i000: Loading managed bootstrapper application.
[1204:1260][2023-09-24T17:44:03]i000: Creating BA thread to run asynchronously.
[1204:1260][2023-09-24T17:44:04]i100: Detect begin, 5 packages
[1204:1260][2023-09-24T17:44:04]i000: 2023-09-24 21:44:04.5661 Debug DeploymentModel DetectDeploymentAction DetectBegin [\[]Installed=False[\]]
[1204:1260][2023-09-24T17:44:04]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2'
[1204:1260][2023-09-24T17:44:04]i000: Setting numeric variable 'Kb4019990Windows2008R2Exists' to value 0
[1204:1260][2023-09-24T17:44:04]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.2.1.1'
[1204:1260][2023-09-24T17:44:04]i000: Setting numeric variable 'Kb4019990Windows2012Exists' to value 0
[1204:1260][2023-09-24T17:44:04]i000: Setting string variable 'NetFrameworkRegistryValue' to value '528049'
[1204:1260][2023-09-24T17:44:04]i000: Setting string variable 'ServerLevelsServerCoreRegistryValue' to value '1'
[1204:1260][2023-09-24T17:44:04]i000: Setting string variable 'ServerLevelsServerGuiShellRegistryValue' to value '1'
[1204:1260][2023-09-24T17:44:04]i052: Condition 'Kb4019990Windows2008R2Exists' evaluates to false.
[1204:1260][2023-09-24T17:44:04]i052: Condition 'Kb4019990Windows2012Exists' evaluates to false.
[1204:1260][2023-09-24T17:44:04]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[1204:1260][2023-09-24T17:44:04]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[1204:1260][2023-09-24T17:44:04]i101: Detected package: Kb4019990Windows2008R2Package, state: Absent, cached: None
[1204:1260][2023-09-24T17:44:04]i101: Detected package: Kb4019990Windows2012Package, state: Absent, cached: None
[1204:1260][2023-09-24T17:44:04]i101: Detected package: NetFrameworkPackageServer, state: Present, cached: None
[1204:1260][2023-09-24T17:44:04]i101: Detected package: NetFrameworkPackageServerCore, state: Present, cached: None
[1204:1260][2023-09-24T17:44:04]i101: Detected package: MsiPackage, state: Absent, cached: None
[1204:1260][2023-09-24T17:44:04]i199: Detect complete, result: 0x0
[1204:0270][2023-09-24T17:44:04]i000: 2023-09-24 21:44:04.5973 Debug DeploymentModel .ctor [\[]DeploymentAction=Install[\]]
[1204:0270][2023-09-24T17:44:04]i000: 2023-09-24 21:44:04.6755 Debug DeploymentModel .ctor [\[]IsAfterRestartAndConfigured=False[\]]
[1204:0270][2023-09-24T17:44:29]i000: 2023-09-24 21:44:29.6319 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=Success[\]]
[1204:0270][2023-09-24T17:44:29]i000: Setting string variable 'IsConfigured' to value 'True'
[1204:0270][2023-09-24T17:44:29]i000: Setting hidden variable 'AccessKey'
[1204:0270][2023-09-24T17:44:29]i000: Unsetting variable 'DelayedUpdate'
[1204:0270][2023-09-24T17:44:29]i000: Unsetting variable 'LogsPath'
[1204:0270][2023-09-24T17:44:29]i000: Setting hidden variable 'ProxyConfiguration'
[1204:0270][2023-09-24T17:44:29]i000: Setting string variable 'InstallationPath' to value 'C:\Program Files\Azure Advanced Threat Protection Sensor'
[1204:1260][2023-09-24T17:44:29]i200: Plan begin, 5 packages, action: Install
[1204:1260][2023-09-24T17:44:29]i052: Condition 'VersionNT64 = v6.1' evaluates to false.
[1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2008R2Package
[1204:1260][2023-09-24T17:44:29]i052: Condition 'VersionNT64 = v6.2' evaluates to false.
[1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2012Package
[1204:1260][2023-09-24T17:44:29]i052: Condition 'ServerLevelsServerCoreRegistryValue <> 1 OR ServerLevelsServerGuiShellRegistryValue = 1' evaluates to true.
[1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServer
[1204:1260][2023-09-24T17:44:29]i052: Condition 'ServerLevelsServerCoreRegistryValue = 1 AND ServerLevelsServerGuiShellRegistryValue <> 1' evaluates to false.
[1204:1260][2023-09-24T17:44:29]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServerCore
[1204:1260][2023-09-24T17:44:29]i000: Setting string variable 'WixBundleRollbackLog_MsiPackage' to value 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage_rollback.log'
[1204:1260][2023-09-24T17:44:29]i000: Setting string variable 'WixBundleLog_MsiPackage' to value 'C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage.log'
[1204:1260][2023-09-24T17:44:29]i201: Planned package: Kb4019990Windows2008R2Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[1204:1260][2023-09-24T17:44:29]i201: Planned package: Kb4019990Windows2012Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[1204:1260][2023-09-24T17:44:29]i201: Planned package: NetFrameworkPackageServer, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[1204:1260][2023-09-24T17:44:29]i201: Planned package: NetFrameworkPackageServerCore, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[1204:1260][2023-09-24T17:44:29]i201: Planned package: MsiPackage, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
[1204:1260][2023-09-24T17:44:29]i299: Plan complete, result: 0x0
[1204:1260][2023-09-24T17:44:29]i300: Apply begin
[1204:1260][2023-09-24T17:44:29]i010: Launching elevated engine process.
[1204:1260][2023-09-24T17:44:30]i011: Launched elevated engine process.
[1204:1260][2023-09-24T17:44:30]i012: Connected to elevated engine.
[11A8:0948][2023-09-24T17:44:30]i358: Pausing automatic updates.
[11A8:0948][2023-09-24T17:44:32]i359: Paused automatic updates.
[11A8:0948][2023-09-24T17:44:32]i360: Creating a system restore point.
[11A8:0948][2023-09-24T17:44:32]i362: System restore disabled, system restore point not created.
[11A8:0948][2023-09-24T17:44:32]i370: Session begin, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, options: 0x7, disable resume: No
[11A8:0948][2023-09-24T17:44:32]i000: Caching bundle from: 'C:\Windows\Temp\{1E65615E-30AF-4372-A355-0F74946A97D6}\.be\Azure ATP Sensor Setup.exe' to: 'C:\ProgramData\Package Cache\{c594ebb0-6384-4672-9f40-374ba46b8ffb}\Azure ATP Sensor Setup.exe'
[11A8:0948][2023-09-24T17:44:32]i320: Registering bundle dependency provider: {c594ebb0-6384-4672-9f40-374ba46b8ffb}, version: 2.214.17110.17401
[11A8:0948][2023-09-24T17:44:32]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, resume: Active, restart initiated: No, disable resume: No
[11A8:12F0][2023-09-24T17:44:32]i305: Verified acquired payload: MsiPackage at path: C:\ProgramData\Package Cache\.unverified\MsiPackage, moving to: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi.
[11A8:12F0][2023-09-24T17:44:32]i305: Verified acquired payload: cab9C68882706A1052319FE6C1B5DE23439 at path: C:\ProgramData\Package Cache\.unverified\cab9C68882706A1052319FE6C1B5DE23439, moving to: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\1.
[11A8:0948][2023-09-24T17:44:32]i323: Registering package dependency provider: {06A3F555-04E7-47C3-A86C-930693F51E65}, version: 2.214.17110.17401, package: MsiPackage
[11A8:0948][2023-09-24T17:44:32]i301: Applying execute package: MsiPackage, action: Install, path: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\Microsoft.Tri.Sensor.Deployment.Package.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" ACCESSKEY="*****" DelayedUpdate="" InstallationPath="C:\Program Files\Azure Advanced Threat Protection Sensor" InstalledVersion="" LogsPath="" PROXYCONFIGURATION="*****" WixBundleOriginalSourceFolder="C:\Users\oscar\Downloads\Azure ATP Sensor Setup\"'
[11A8:0948][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to install MSI package.
[11A8:0948][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to execute MSI package.
[1204:1260][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[1204:1260][2023-09-24T17:45:00]i000: 2023-09-24 21:45:00.9796 Error Model LogError [\[]methodName=BootstrapperApplication_ExecutePackageComplete status=-2147023293 exception=[\]]
[1204:1260][2023-09-24T17:45:00]i319: Applied execute package: MsiPackage, result: 0x80070643, restart: None
[1204:1260][2023-09-24T17:45:00]e000: Error 0x80070643: Failed to execute MSI package.
[11A8:0948][2023-09-24T17:45:00]i318: Skipped rollback of package: MsiPackage, action: Uninstall, already: Absent
[1204:1260][2023-09-24T17:45:00]i319: Applied rollback package: MsiPackage, result: 0x0, restart: None
[11A8:0948][2023-09-24T17:45:00]i329: Removed package dependency provider: {06A3F555-04E7-47C3-A86C-930693F51E65}, package: MsiPackage
[11A8:0948][2023-09-24T17:45:00]i351: Removing cached package: MsiPackage, from path: C:\ProgramData\Package Cache\{06A3F555-04E7-47C3-A86C-930693F51E65}v2.214.17110.17401\
[11A8:0948][2023-09-24T17:45:00]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, resume: None, restart: None, disable resume: No
[11A8:0948][2023-09-24T17:45:00]i330: Removed bundle dependency provider: {c594ebb0-6384-4672-9f40-374ba46b8ffb}
[11A8:0948][2023-09-24T17:45:00]i352: Removing cached bundle: {c594ebb0-6384-4672-9f40-374ba46b8ffb}, from path: C:\ProgramData\Package Cache\{c594ebb0-6384-4672-9f40-374ba46b8ffb}\
[11A8:0948][2023-09-24T17:45:00]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c594ebb0-6384-4672-9f40-374ba46b8ffb}, resume: None, restart initiated: No, disable resume: No
[1204:1260][2023-09-24T17:45:00]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart: No
[1204:0270][2023-09-24T17:57:23]i000: 2023-09-24 21:57:23.5839 Debug SensorBootstrapperApplication Run Engine.Quit [\[]deploymentResultStatus=-2147023293 isRestartRequired=False[\]]
[1204:1260][2023-09-24T17:57:23]i500: Shutting down, exit code: 0x80070643
[1204:1260][2023-09-24T17:57:23]i410: Variable: AccessKey = *****
[1204:1260][2023-09-24T17:57:23]i410: Variable: InstallationPath = C:\Program Files\Azure Advanced Threat Protection Sensor
[1204:1260][2023-09-24T17:57:23]i410: Variable: IsConfigured = True
[1204:1260][2023-09-24T17:57:23]i410: Variable: Kb4019990Windows2008R2Exists = 0
[1204:1260][2023-09-24T17:57:23]i410: Variable: Kb4019990Windows2012Exists = 0
[1204:1260][2023-09-24T17:57:23]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
[1204:1260][2023-09-24T17:57:23]i410: Variable: NetFrameworkRegistryValue = 528049
[1204:1260][2023-09-24T17:57:23]i410: Variable: RebootPending = 0
[1204:1260][2023-09-24T17:57:23]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
[1204:1260][2023-09-24T17:57:23]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
[1204:1260][2023-09-24T17:57:23]i410: Variable: VersionNT64 = 6.3.0.0
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleAction = 5
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleElevated = 1
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleLog = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403.log
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleLog_MsiPackage = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage.log
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleManufacturer = Microsoft Corporation
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleName = Azure Advanced Threat Protection Sensor
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleOriginalSource = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleOriginalSourceFolder = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleProviderKey = {c594ebb0-6384-4672-9f40-374ba46b8ffb}
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleRollbackLog_MsiPackage = C:\Users\oscar\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230924174403_000_MsiPackage_rollback.log
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleSourceProcessFolder = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleSourceProcessPath = C:\Users\oscar\Downloads\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleTag =
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleUILevel = 4
[1204:1260][2023-09-24T17:57:23]i410: Variable: WixBundleVersion = 2.214.17110.17401
[1204:1260][2023-09-24T17:57:23]i007: Exit code: 0x80070643, restarting: No
Microsoft.Tri.Sensor.Deployment.Deployer_20230924214436
2023-09-24 21:44:37.6235 Info Program Main Deployer started [arguments=kkZ6VqB3WbnOkSspYitMVw==]
2023-09-24 21:44:37.6704 Warn PcapLibraryHelper IsCaptureDriverExist Did not found capture driver npf or npcap
2023-09-24 21:44:37.6704 Debug InstallActionGroup Apply started
2023-09-24 21:44:37.6704 Debug CreateCertificateAction Apply started [suppressFailure=False]
2023-09-24 21:44:57.7417 Debug CreateCertificateAction Apply finished
2023-09-24 21:44:57.7417 Debug CreateSensorAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.0542 Debug CreateSensorAction Apply finished
2023-09-24 21:44:58.0542 Debug TestCertificateAndProxyAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.1636 Debug TestCertificateAndProxyAction Apply finished
2023-09-24 21:44:58.1636 Debug SaveSensorMandatoryConfigurationAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.1948 Debug SaveSensorMandatoryConfigurationAction Apply finished
2023-09-24 21:44:58.1948 Debug CreateServicesActionGroup Apply started
2023-09-24 21:44:58.1948 Debug CreateServiceAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2104 Debug CreateServiceAction Apply finished
2023-09-24 21:44:58.2104 Debug SetServiceDescriptionAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2104 Debug SetServiceDescriptionAction Apply finished
2023-09-24 21:44:58.2104 Debug ConfigureServiceAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2261 Debug ConfigureServiceAction Apply finished
2023-09-24 21:44:58.2261 Debug SetServicePreshutdownTimeoutAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2261 Debug SetServicePreshutdownTimeoutAction Apply finished
2023-09-24 21:44:58.2261 Debug CreateServiceAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2261 Debug CreateServiceAction Apply finished
2023-09-24 21:44:58.2261 Debug SetServiceDescriptionAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2417 Debug SetServiceDescriptionAction Apply finished
2023-09-24 21:44:58.2417 Debug ConfigureServiceAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2417 Debug ConfigureServiceAction Apply finished
2023-09-24 21:44:58.2417 Debug SetServicePreshutdownTimeoutAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2417 Debug SetServicePreshutdownTimeoutAction Apply finished
2023-09-24 21:44:58.2417 Debug CreateServicesActionGroup Apply finished
2023-09-24 21:44:58.2417 Debug ConfigureVirtualServiceAccountAction Apply started [suppressFailure=False]
2023-09-24 21:44:58.2730 Debug ConfigureVirtualServiceAccountAction Apply finished
2023-09-24 21:44:58.2730 Debug InstallNpcapAction Apply started [suppressFailure=False]
2023-09-24 21:45:00.4481 Debug InstallActionGroup Revert started
2023-09-24 21:45:00.4481 Warn InstallActionGroup Revert reverting [rollbackAction=ConfigureVirtualServiceAccountAction index=0 count=6]
2023-09-24 21:45:00.4481 Debug ConfigureVirtualServiceAccountAction Revert started
2023-09-24 21:45:00.4481 Debug ConfigureVirtualServiceAccountAction Revert finished
2023-09-24 21:45:00.4481 Warn InstallActionGroup Revert reverting [rollbackAction=CreateServicesActionGroup index=1 count=6]
2023-09-24 21:45:00.4481 Debug CreateServicesActionGroup Revert started
2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServicePreshutdownTimeoutAction index=0 count=8]
2023-09-24 21:45:00.4481 Debug SetServicePreshutdownTimeoutAction Revert started
2023-09-24 21:45:00.4481 Debug SetServicePreshutdownTimeoutAction Revert finished
2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=ConfigureServiceAction index=1 count=8]
2023-09-24 21:45:00.4481 Debug ConfigureServiceAction Revert started
2023-09-24 21:45:00.4481 Debug ConfigureServiceAction Revert finished
2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServiceDescriptionAction index=2 count=8]
2023-09-24 21:45:00.4481 Debug SetServiceDescriptionAction Revert started
2023-09-24 21:45:00.4481 Debug SetServiceDescriptionAction Revert finished
2023-09-24 21:45:00.4481 Warn CreateServicesActionGroup Revert reverting [rollbackAction=CreateServiceAction index=3 count=8]
2023-09-24 21:45:00.4481 Debug CreateServiceAction Revert started
2023-09-24 21:45:00.4638 Debug ServiceControllerExtension DeleteService succeeded [name=AATPSensor]
2023-09-24 21:45:00.4638 Debug CreateServiceAction Revert finished
2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServicePreshutdownTimeoutAction index=4 count=8]
2023-09-24 21:45:00.4638 Debug SetServicePreshutdownTimeoutAction Revert started
2023-09-24 21:45:00.4638 Debug SetServicePreshutdownTimeoutAction Revert finished
2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=ConfigureServiceAction index=5 count=8]
2023-09-24 21:45:00.4638 Debug ConfigureServiceAction Revert started
2023-09-24 21:45:00.4638 Debug ConfigureServiceAction Revert finished
2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=SetServiceDescriptionAction index=6 count=8]
2023-09-24 21:45:00.4638 Debug SetServiceDescriptionAction Revert started
2023-09-24 21:45:00.4638 Debug SetServiceDescriptionAction Revert finished
2023-09-24 21:45:00.4638 Warn CreateServicesActionGroup Revert reverting [rollbackAction=CreateServiceAction index=7 count=8]
2023-09-24 21:45:00.4638 Debug CreateServiceAction Revert started
2023-09-24 21:45:00.4950 Debug ServiceControllerExtension DeleteService succeeded [name=AATPSensorUpdater]
2023-09-24 21:45:00.4950 Debug CreateServiceAction Revert finished
2023-09-24 21:45:00.4950 Debug CreateServicesActionGroup Revert finished
2023-09-24 21:45:00.4950 Warn InstallActionGroup Revert reverting [rollbackAction=SaveSensorMandatoryConfigurationAction index=2 count=6]
2023-09-24 21:45:00.4950 Debug SaveSensorMandatoryConfigurationAction Revert started
2023-09-24 21:45:00.4950 Debug SaveSensorMandatoryConfigurationAction Revert finished
2023-09-24 21:45:00.4950 Warn InstallActionGroup Revert reverting [rollbackAction=TestCertificateAndProxyAction index=3 count=6]
2023-09-24 21:45:00.4950 Debug TestCertificateAndProxyAction Revert started
2023-09-24 21:45:00.4950 Debug TestCertificateAndProxyAction Revert finished
2023-09-24 21:45:00.4950 Warn InstallActionGroup Revert reverting [rollbackAction=CreateSensorAction index=4 count=6]
2023-09-24 21:45:00.4950 Debug CreateSensorAction Revert started
2023-09-24 21:45:00.6827 Debug CreateSensorAction Revert finished
2023-09-24 21:45:00.6827 Warn InstallActionGroup Revert reverting [rollbackAction=CreateCertificateAction index=5 count=6]
2023-09-24 21:45:00.6827 Debug CreateCertificateAction Revert started
2023-09-24 21:45:00.6982 Debug CreateCertificateAction Revert finished
2023-09-24 21:45:00.6982 Debug InstallActionGroup Revert finished
2023-09-24 21:45:00.7607 Error DeploymentAction Deployer failed [arguments=kkZ6VqB3WbnOkSspYitMVw==]
Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=InstallNpcapAction]
at void Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(bool suppressFailure)
at void Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(bool suppressFailure)
at int Microsoft.Tri.Sensor.Deployment.Deployer.Program.Main(string[] commandLineArguments)
any suggestion on cause of failure would be greatly appreciated.- EliOfekNpcap failed to install.
Try to install it manually using the npcap installer provided in the zip as well, and collect it's logs to understand why it is failing.
make sure to install it with proper parameters:
npcap-1.00-oem.exe /loopback_support=no /winpcap_mode=yes /admin_only=no /S
Details:
https://aka.ms/mdi/npcap- manual npcap install failed as well, install log below:
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-23 0:01:07
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" does not exist, jumping 219
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsz52FD.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-23 0:12:58
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nslCAF1.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-23 0:53:38
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsx794B.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-23 1:16:45
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nshA3B1.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-23 1:23:39
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsmF156.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-24 12:09:32
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nss9AB0.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-24 12:31:00
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nso3FBE.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-24 17:44:58
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsc4A9C.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-27 15:21:40
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsm1C50.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-27 15:23:23
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsoAB5C.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-27 15:40:52
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Jump: 278
Jump: 323
Jump: 364
Jump: 366
Call: 258
Jump: 278
Jump: 323
Jump: 376
Jump: 378
Call: 258
Call: 258
Call: 258
Jump: 278
Jump: 323
Jump: 410
Jump: 412
Jump: 414
Jump: 416
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Jump: 1523
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsoAFF2.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-27 16:01:10
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Call: 1524
File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\modern-header.bmp"
File: wrote 70976 to "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\modern-header.bmp"
WriteINIStr: wrote [Field 1] State=0 in C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\options.ini
Jump: 770
WriteINIStr: wrote [Field 2] State=0 in C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\options.ini
Jump: 783
WriteINIStr: wrote [Field 3] State=0 in C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\options.ini
Jump: 796
WriteINIStr: wrote [Field 4] State=1 in C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\options.ini
Jump: 813
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\InstallOptions.dll"
File: wrote 23712 to "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\InstallOptions.dll"
Jump: 831
Jump: 841
New install of "Npcap OEM 1.00" to "C:\Program Files\Npcap"
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000001"
Jump: 1245
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Aborting: ""
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\final.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\InstallOptions.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\modern-header.bmp")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\options.ini")
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\")
RMDir: RemoveDirectory on Reboot("C:\Users\oscar\AppData\Local\Temp\nsn45A3.tmp\")
Call: 474
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll" (overwriteflag=1)
Jump: 568
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll" (overwriteflag=1)
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll" (overwriteflag=1)
Jump: 615
Jump: 644
detailprint: Current date: 2023-09-27 16:07:53
Call: 1060
Jump: 1089
Jump: 1092
Jump: 1095
detailprint: Windows CurrentVersion: 6.3 (Win8.1)
Call: 85
Call: 1277
IfFileExists: file "C:\Windows\system32\Packet.dll" exists, jumping 0
Call: 103
Jump: 126
Jump: 136
Call: 140
Jump: 207
Call: 140
Jump: 196
Call: 220
Jump: 237
Jump: 254
Call: 258
Jump: 348
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 258
Call: 140
Call: 1524
File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\modern-header.bmp"
File: wrote 70976 to "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\modern-header.bmp"
WriteINIStr: wrote [Field 1] State=0 in C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\options.ini
Jump: 770
WriteINIStr: wrote [Field 2] State=0 in C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\options.ini
Jump: 783
WriteINIStr: wrote [Field 3] State=0 in C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\options.ini
Jump: 796
WriteINIStr: wrote [Field 4] State=1 in C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\options.ini
Jump: 813
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\InstallOptions.dll"
File: wrote 23712 to "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\InstallOptions.dll"
Jump: 831
Jump: 841
New install of "Npcap OEM 1.00" to "C:\Program Files\Npcap"
Section: "WinPcap"
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\NPFInstall.exe"
Call: 863
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
Call: 1095
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 11122 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 842336 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1427
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 307544 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1149
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 65880 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10356 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8658 to "C:\Program Files\Npcap\npcap.inf"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2403 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1106
CreateDirectory: "C:\Windows\system32" (1)
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1101
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 385368 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 175448 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 118616 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 58200 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll" (overwriteflag=1)
Call: 1138
CreateDirectory: "C:\Windows\system32" (1)
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\WlanHelper.exe"
CreateDirectory: "C:\Windows\system32\Npcap" (1)
CreateDirectory: "C:\Windows\system32\Npcap" created
Call: 1133
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 440152 to "C:\Windows\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 212312 to "C:\Windows\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 138072 to "C:\Windows\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65880 to "C:\Windows\system32\Npcap\WlanHelper.exe"
Call: 1240
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000001"
Jump: 1245
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1251
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 861
Call: 1174
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV.cer"
File: wrote 1479 to "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\Insecure-EV.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\Insecure-EV.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\Insecure-EV.cer")
CreateDirectory: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Insecure-EV-sha1.cer"
File: wrote 1459 to "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\Insecure-EV-sha1.cer"
Call: 1165
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\Insecure-EV-sha1.cer"
Delete: DeleteFile("C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\Insecure-EV-sha1.cer")
detailprint: Clearing Npcap entries from driver store
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1524
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Failed to create the npcap service for Win7, Win8 and Win10: 0x0004a020
MessageBox: 2097152,"Failed to create the npcap service: 0x0004a020. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
Jump: 1502
Call: 897
Call: 1524
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll"
File: skipped: "C:\Users\oscar\AppData\Local\Temp\nsw695A.tmp\nsExec.dll" (overwriteflag=1)
Delete: "C:\Program Files\Npcap\Uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Aborting: ""
