Call: 871 SetFlag: 2=0 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Jump: 965 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Jump: 1009 Jump: 1038 Current time UTC: 2025-08-15 09:50:58 Npcap Installer version 1.82 Command line: '"C:\Users\ADMINI~1\AppData\Local\Temp\5\nswCB32.tmp\npcap-1.82.exe" /loopback_support=no' Call: 1539 Jump: 1571 DetailPrint: Windows CurrentVersion: 10.0.17763 (Win10) Call: 116 Jump: 172 Call: 116 Jump: 172 Call: 116 Jump: 1146 Call: 2175 SetFlag: 13=6 File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\modern-header.bmp" File: wrote 70976 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\modern-header.bmp" Call: 1156 WriteINIStr: wrote [Field 1] State=0 in C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\options.ini Jump: 1178 Call: 1156 WriteINIStr: wrote [Field 2] State=0 in C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\options.ini Jump: 1178 Call: 1156 WriteINIStr: wrote [Field 3] State=0 in C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\options.ini Jump: 1178 Call: 1156 WriteINIStr: wrote [Field 4] State=1 in C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\options.ini Jump: 1178 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\InstallOptions.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\InstallOptions.dll" (overwriteflag=1) Jump: 1252 Jump: 1257 New install of "Npcap 1.82" to "C:\Program Files\Npcap" Section: "WinPcap" CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp" (1) File: overwriteflag=0, allowskipfilesflag=0, name="NPFInstall.exe" File: wrote 323448 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\NPFInstall.exe" Call: 116 Jump: 172 Call: 116 Jump: 172 IfFileExists: file "C:\Program Files\Npcap\uninstall.exe" exists, jumping 0 Jump: 1914 IfFileExists: file "C:\Program Files\Npcap\uninstall.exe" exists, jumping 0 Call: 1834 WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000003" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004" Call: 1350 SetFlag: 2=0 DetailPrint: RunUninstaller: "C:\Program Files\Npcap\uninstall.exe" /Q /keep_logs=yes /no_kill=no _?=C:\Program Files\Npcap settings logging to 0 Call: 284 SetFlag: 2=0 Call: 892 SetFlag: 13=6 SetFlag: 2=0 Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp" CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp" (0) CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp" created File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: wrote 19664 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Jump: 378 Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Jump: 422 Jump: 451 Current date: 2025-08-15 12:52:10 Npcap Uninstaller version 1.75 Command line: '"C:\Program Files\Npcap\uninstall.exe" /Q /keep_logs=yes /no_kill=no' SetFlag: 12=0 Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Jump: 507 Call: 116 Call: 122 Jump: 139 Jump: 156 Call: 160 SetFlag: 2=0 Jump: 218 Jump: 180 Jump: 250 Call: 160 SetFlag: 2=0 SetFlag: 2=1 Call: 160 SetFlag: 2=0 Jump: 180 Call: 160 SetFlag: 2=0 Jump: 180 Jump: 225 Jump: 278 Uninstaller window title: Npcap OEM 1.75 Call: 892 SetFlag: 13=6 File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\modern-header.bmp" File: wrote 70976 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\modern-header.bmp" Call: 113 Aborting: "no_confirm" New install of "Npcap OEM 1.75" to "C:\Program Files\Npcap" Section: "Uninstall" DetailPrint: Reading service options from registry Call: 742 Call: 46 Jump: 74 CreateDirectory: "C:\Program Files\Npcap" (1) IfFileExists: file "C:\Program Files\Npcap\NPFInstall.exe" exists, jumping 762 Call: 550 Rename: C:\Windows\system32\wpcap.dll->C:\Windows\system32\wpcap.dll.del Rename: C:\Windows\system32\Packet.dll->C:\Windows\system32\Packet.dll.del Rename: C:\Windows\system32\NpcapHelper.exe->C:\Windows\system32\NpcapHelper.exe.del Rename: C:\Windows\system32\WlanHelper.exe->C:\Windows\system32\WlanHelper.exe.del Rename: C:\Windows\system32\Npcap\wpcap.dll->C:\Windows\system32\Npcap\wpcap.dll.del Rename: C:\Windows\system32\Npcap\Packet.dll->C:\Windows\system32\Npcap\Packet.dll.del Rename: C:\Windows\system32\Npcap\NpcapHelper.exe->C:\Windows\system32\Npcap\NpcapHelper.exe.del Rename: C:\Windows\system32\Npcap\WlanHelper.exe->C:\Windows\system32\Npcap\WlanHelper.exe.del Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 550 Rename: C:\Windows\system32\wpcap.dll->C:\Windows\system32\wpcap.dll.del Rename: C:\Windows\system32\Packet.dll->C:\Windows\system32\Packet.dll.del Rename: C:\Windows\system32\NpcapHelper.exe->C:\Windows\system32\NpcapHelper.exe.del Rename: C:\Windows\system32\WlanHelper.exe->C:\Windows\system32\WlanHelper.exe.del Rename: C:\Windows\system32\Npcap\wpcap.dll->C:\Windows\system32\Npcap\wpcap.dll.del Rename: C:\Windows\system32\Npcap\Packet.dll->C:\Windows\system32\Npcap\Packet.dll.del Rename: C:\Windows\system32\Npcap\NpcapHelper.exe->C:\Windows\system32\Npcap\NpcapHelper.exe.del Rename: C:\Windows\system32\Npcap\WlanHelper.exe->C:\Windows\system32\Npcap\WlanHelper.exe.del Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 74 Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" File: wrote 14544 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" No processes using Npcap DetailPrint: Stopping the npcap driver Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" (overwriteflag=1) Call: 560 Delete: "C:\Windows\system32\wpcap.dll.del" Delete: DeleteFile("C:\Windows\system32\wpcap.dll.del") Delete: "C:\Windows\system32\Packet.dll.del" Delete: DeleteFile("C:\Windows\system32\Packet.dll.del") Delete: "C:\Windows\system32\NpcapHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\NpcapHelper.exe.del") Delete: "C:\Windows\system32\WlanHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\WlanHelper.exe.del") Delete: "C:\Windows\system32\Npcap\wpcap.dll.del" Delete: DeleteFile("C:\Windows\system32\Npcap\wpcap.dll.del") Delete: "C:\Windows\system32\Npcap\Packet.dll.del" Delete: DeleteFile("C:\Windows\system32\Npcap\Packet.dll.del") Delete: "C:\Windows\system32\Npcap\NpcapHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\Npcap\NpcapHelper.exe.del") Delete: "C:\Windows\system32\Npcap\WlanHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\Npcap\WlanHelper.exe.del") RMDir: "C:\Windows\system32\Npcap" RMDir: RemoveDirectory("C:\Windows\system32\Npcap\") Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 560 Delete: "C:\Windows\system32\wpcap.dll.del" Delete: DeleteFile("C:\Windows\system32\wpcap.dll.del") Delete: "C:\Windows\system32\Packet.dll.del" Delete: DeleteFile("C:\Windows\system32\Packet.dll.del") Delete: "C:\Windows\system32\NpcapHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\NpcapHelper.exe.del") Delete: "C:\Windows\system32\WlanHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\WlanHelper.exe.del") Delete: "C:\Windows\system32\Npcap\wpcap.dll.del" Delete: DeleteFile("C:\Windows\system32\Npcap\wpcap.dll.del") Delete: "C:\Windows\system32\Npcap\Packet.dll.del" Delete: DeleteFile("C:\Windows\system32\Npcap\Packet.dll.del") Delete: "C:\Windows\system32\Npcap\NpcapHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\Npcap\NpcapHelper.exe.del") Delete: "C:\Windows\system32\Npcap\WlanHelper.exe.del" Delete: DeleteFile("C:\Windows\system32\Npcap\WlanHelper.exe.del") RMDir: "C:\Windows\system32\Npcap" RMDir: RemoveDirectory("C:\Windows\system32\Npcap\") Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 545 Delete: "C:\Program Files\Npcap\LICENSE" Delete: DeleteFile("C:\Program Files\Npcap\LICENSE") Delete: "C:\Program Files\Npcap\DiagReport.bat" Delete: DeleteFile("C:\Program Files\Npcap\DiagReport.bat") Delete: "C:\Program Files\Npcap\DiagReport.ps1" Delete: DeleteFile("C:\Program Files\Npcap\DiagReport.ps1") Delete: "C:\Program Files\Npcap\FixInstall.bat" Delete: DeleteFile("C:\Program Files\Npcap\FixInstall.bat") Call: 515 CreateDirectory: "C:\Program Files\Npcap" (1) IfFileExists: file "C:\Program Files\Npcap\npcap_wfp.inf" exists, jumping 519 Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" (overwriteflag=1) DetailPrint: The npcap service for Win7, Win8 and Win10 was successfully deleted Jump: 545 IfFileExists: file "C:\Program Files\Npcap\loopback.ini" does not exist, jumping 861 Call: 611 Delete: "C:\Program Files\Npcap\npcap.sys" Delete: DeleteFile("C:\Program Files\Npcap\npcap.sys") Delete: "C:\Program Files\Npcap\npcap.inf" Delete: DeleteFile("C:\Program Files\Npcap\npcap.inf") Delete: "C:\Program Files\Npcap\npcap_wfp.inf" Delete: DeleteFile("C:\Program Files\Npcap\npcap_wfp.inf") Delete: "C:\Program Files\Npcap\npcap.cat" Delete: DeleteFile("C:\Program Files\Npcap\npcap.cat") Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Delete: "C:\Windows\system32\Drivers\npcap.sys" Delete: DeleteFile("C:\Windows\system32\Drivers\npcap.sys") IfFileExists: file "C:\Windows\system32\Drivers\npf.sys" does not exist, jumping 736 Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll" (overwriteflag=1) Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" (overwriteflag=1) DeleteRegKey: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" DeleteRegKey: "HKEY_LOCAL_MACHINE\Software\Npcap" Delete: "C:\Program Files\Npcap\NPFInstall.exe" Delete: DeleteFile("C:\Program Files\Npcap\NPFInstall.exe") Delete: "C:\Program Files\Npcap\CheckStatus.bat" Delete: DeleteFile("C:\Program Files\Npcap\CheckStatus.bat") Call: 892 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll" (overwriteflag=1) Delete: "C:\Program Files\Npcap\uninstall.exe" Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe") Delete: DeleteFile failed("C:\Program Files\Npcap\Uninstall.exe") Delete: "C:\Program Files\Npcap\loopback.ini" RMDir: "C:\Program Files\Npcap" RMDir: RemoveDirectory("C:\Program Files\Npcap\") RMDir: RemoveDirectory on Reboot("C:\Program Files\Npcap\") SetFlag: 4=0 SetFlag: 0=1 Jump: 25 Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\modern-header.bmp") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\nsExec.dll") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\System.dll") RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsw550D.tmp\") logging set to 1 Delete: "C:\Program Files\Npcap\uninstall.exe" Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe") RMDir: "C:\Program Files\Npcap" RMDir: RemoveDirectory("C:\Program Files\Npcap\") RMDir: RemoveDirectory failed("C:\Program Files\Npcap\") SetFlag: 2=0 Call: 1311 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) No processes using Npcap Call: 1441 Call: 1401 SetFlag: 2=0 SetFlag: 2=0 Call: 1401 SetFlag: 2=0 SetFlag: 2=0 Call: 1431 IfFileExists: file "C:\Windows\system32\packet.dll" does not exist, jumping 1435 IfFileExists: file "C:\Windows\system32\wpcap.dll" does not exist, jumping 1438 IfFileExists: file "C:\Windows\system32\pthreadVC.dll" does not exist, jumping 1441 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Delete: "C:\Windows\system32\drivers\npf.sys" Call: 1431 IfFileExists: file "C:\Windows\system32\packet.dll" does not exist, jumping 1435 IfFileExists: file "C:\Windows\system32\wpcap.dll" does not exist, jumping 1438 IfFileExists: file "C:\Windows\system32\pthreadVC.dll" does not exist, jumping 1441 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Jump: 1462 SetFlag: 1=1 RMDir: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap" CreateDirectory: "C:\Program Files\Npcap" (1) Call: 1573 File: overwriteflag=0, allowskipfilesflag=0, name="LICENSE" File: wrote 11784 to "C:\Program Files\Npcap\LICENSE" File: overwriteflag=0, allowskipfilesflag=0, name="DiagReport.bat" File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat" File: overwriteflag=0, allowskipfilesflag=0, name="DiagReport.ps1" File: wrote 18078 to "C:\Program Files\Npcap\DiagReport.ps1" File: overwriteflag=0, allowskipfilesflag=0, name="FixInstall.bat" File: wrote 2513 to "C:\Program Files\Npcap\FixInstall.bat" Sleep(100) File: overwriteflag=0, allowskipfilesflag=0, name="Uninstall.exe" File: wrote 1096448 to "C:\Program Files\Npcap\Uninstall.exe" Call: 2052 CreateDirectory: "C:\Windows\system32" (1) Call: 2047 File: overwriteflag=0, allowskipfilesflag=0, name="wpcap.dll" File: wrote 422776 to "C:\Windows\system32\wpcap.dll" File: overwriteflag=0, allowskipfilesflag=0, name="Packet.dll" File: wrote 174456 to "C:\Windows\system32\Packet.dll" File: overwriteflag=0, allowskipfilesflag=0, name="NpcapHelper.exe" File: wrote 130424 to "C:\Windows\system32\NpcapHelper.exe" File: overwriteflag=0, allowskipfilesflag=0, name="WlanHelper.exe" File: wrote 226168 to "C:\Windows\system32\WlanHelper.exe" CreateDirectory: "C:\Windows\system32\Npcap" (1) CreateDirectory: "C:\Windows\system32\Npcap" created Call: 2047 File: overwriteflag=0, allowskipfilesflag=0, name="wpcap.dll" File: wrote 422776 to "C:\Windows\system32\Npcap\wpcap.dll" File: overwriteflag=0, allowskipfilesflag=0, name="Packet.dll" File: wrote 174456 to "C:\Windows\system32\Npcap\Packet.dll" File: overwriteflag=0, allowskipfilesflag=0, name="NpcapHelper.exe" File: wrote 130424 to "C:\Windows\system32\Npcap\NpcapHelper.exe" File: overwriteflag=0, allowskipfilesflag=0, name="WlanHelper.exe" File: wrote 226168 to "C:\Windows\system32\Npcap\WlanHelper.exe" CreateDirectory: "C:\Program Files\Npcap" (1) File: overwriteflag=0, allowskipfilesflag=0, name="NPFInstall.exe" File: wrote 323448 to "C:\Program Files\Npcap\NPFInstall.exe" Call: 2069 DetailPrint: Installing NDIS6 x64 driver for Win10 CreateDirectory: "C:\Program Files\Npcap" (1) File: overwriteflag=0, allowskipfilesflag=0, name="npcap.sys" File: wrote 80968 to "C:\Program Files\Npcap\npcap.sys" File: overwriteflag=0, allowskipfilesflag=0, name="npcap.cat" File: wrote 12903 to "C:\Program Files\Npcap\npcap.cat" File: overwriteflag=0, allowskipfilesflag=0, name="npcap.inf" File: wrote 9010 to "C:\Program Files\Npcap\npcap.inf" File: overwriteflag=0, allowskipfilesflag=0, name="npcap_wfp.inf" File: wrote 2435 to "C:\Program Files\Npcap\npcap_wfp.inf" Jump: 2109 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) Call: 1763 WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000" WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001" Jump: 1772 WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap" Call: 2063 CreateDirectory: "C:\Windows\system32" (1) Call: 2058 File: overwriteflag=0, allowskipfilesflag=0, name="wpcap.dll" File: wrote 494456 to "C:\Windows\system32\wpcap.dll" File: overwriteflag=0, allowskipfilesflag=0, name="Packet.dll" File: wrote 221560 to "C:\Windows\system32\Packet.dll" File: overwriteflag=0, allowskipfilesflag=0, name="NpcapHelper.exe" File: wrote 157048 to "C:\Windows\system32\NpcapHelper.exe" File: overwriteflag=0, allowskipfilesflag=0, name="WlanHelper.exe" File: wrote 277368 to "C:\Windows\system32\WlanHelper.exe" CreateDirectory: "C:\Windows\system32\Npcap" (1) CreateDirectory: "C:\Windows\system32\Npcap" created Call: 2058 File: overwriteflag=0, allowskipfilesflag=0, name="wpcap.dll" File: wrote 494456 to "C:\Windows\system32\Npcap\wpcap.dll" File: overwriteflag=0, allowskipfilesflag=0, name="Packet.dll" File: wrote 221560 to "C:\Windows\system32\Npcap\Packet.dll" File: overwriteflag=0, allowskipfilesflag=0, name="NpcapHelper.exe" File: wrote 157048 to "C:\Windows\system32\Npcap\NpcapHelper.exe" File: overwriteflag=0, allowskipfilesflag=0, name="WlanHelper.exe" File: wrote 277368 to "C:\Windows\system32\Npcap\WlanHelper.exe" Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll" (overwriteflag=1) WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe"" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap" Call: 1635 CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp" (1) SetFlag: 2=0 File: overwriteflag=0, allowskipfilesflag=0, name="DDFB16CD4931C973A2037D3FC83A4D7D775D05E4.sst" File: wrote 1886 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4.sst" Call: 1578 DetailPrint: Checking for DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 in store "Root" Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Call: 1613 DetailPrint: Adding DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 to store "Root" Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4.sst" Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4.sst") CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp" (1) SetFlag: 2=0 File: overwriteflag=0, allowskipfilesflag=0, name="signing.p7b" File: wrote 3754 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\signing.p7b" Call: 1600 DetailPrint: Adding signing.p7b to store "TrustedPublisher" Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\signing.p7b" Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\signing.p7b") CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp" (1) SetFlag: 2=0 File: overwriteflag=0, allowskipfilesflag=0, name="digi-ts-2023.p7b" File: wrote 3495 to "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\digi-ts-2023.p7b" Call: 1600 DetailPrint: Adding digi-ts-2023.p7b to store "AddressBook" Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\digi-ts-2023.p7b" Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\digi-ts-2023.p7b") DetailPrint: Clearing Npcap entries from driver store Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) DetailPrint: Installing WFP callout driver Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) DetailPrint: Installing NDIS filter driver Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Jump: 1741 DetailPrint: The npcap service was successfully created Jump: 1763 DetailPrint: Writing service options to registry Call: 1772 WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "LoopbackSupport"="0x00000001" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "DltNull"="0x00000001" WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Edition"="Npcap" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "AdminOnly"="0x00000000" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Dot11Support"="0x00000001" Jump: 1785 WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "VlanSupport"="0x00000000" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "WinPcapCompatible"="0x00000001" Jump: 1795 Call: 1831 WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001" WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004" Call: 1823 DetailPrint: Starting the npcap driver Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) Jump: 2011 WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="1.82" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="https://npcap.com/" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="https://npcap.com/#download" WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "InstallLocation"="C:\Program Files\Npcap" WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0x00000001" WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="0x00000052" WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001" WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001" Call: 1837 CreateDirectory: "C:\Program Files\Npcap" (1) File: overwriteflag=0, allowskipfilesflag=0, name="CheckStatus.bat" File: wrote 815 to "C:\Program Files\Npcap\CheckStatus.bat" DetailPrint: Creating npcapwatchdog scheduled task Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll" (overwriteflag=1) DetailPrint: Scheduled task created. Jump: 27 Call: 2175 SetFlag: 13=6 File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\InstallOptions.dll" File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\InstallOptions.dll" (overwriteflag=1) Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\final.ini") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\InstallOptions.dll") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\modern-header.bmp") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\NPFInstall.exe") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\nsExec.dll") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\options.ini") Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\System.dll") RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\5\nsi3594.tmp\")