Npcap Bug Report: Green-screened BSoD on Windows Insider #194
Description
I was waking up my Surface Book 2 with Windows Insider 19041.330 when the BSoD happens with IRQL_NOT LESS_OR_EQUAL
DiagReport:
*************************************************
DiagReport for Npcap ( http://npcap.org )
*************************************************
Script Architecture: 64-bit
Script Path: C:\Program Files\Npcap\DiagReport.ps1
Current Time: 06/21/2020 16:08:05
Npcap install path: C:\Program Files\Npcap
Npcap Version: 0.9994
PowerShell Version: 5.1.19041.1
*************************************************
OS Info:
*************************************************
Caption : Microsoft Windows 10 专业版
BuildNumber : 19041
Locale : 0804
MUILanguages : {zh-CN, en-US}
OSArchitecture : 64 位
ServicePackMajorVersion : 0
ServicePackMinorVersion : 0
SystemDirectory : C:\WINDOWS\system32
Version : 10.0.19041
*************************************************
CPU Info:
*************************************************
Name : Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
Manufacturer : GenuineIntel
DeviceID : CPU0
NumberOfCores : 4
NumberOfEnabledCore : 4
NumberOfLogicalProcessors : 8
Addresswidth : 64
*************************************************
Memory Info:
*************************************************
Size: 16305 MB (17097428992 Bytes)
*************************************************
Network Adapter(s) Info:
*************************************************
Caption : [00000000] VPN Client Adapter - VPN
GUID : {FDB0209A-D7DB-42BB-8399-8BAA445AB71F}
Index : 0
InterfaceIndex : 26
Manufacturer : SoftEther Corporation
MACAddress : 5E:EF:4F:E9:C8:37
Speed : 100000000
NetConnectionID : VPN - VPN Client
NetConnectionStatus : 7
PNPDeviceID : ROOT\NET\0000
ServiceName : Neo_VPN
AdapterType : 以太网 802.3
Caption : [00000002] Marvell AVASTAR Wireless-AC Network Controller
GUID : {101013EB-6540-442D-B9B3-580C2B682D74}
Index : 2
InterfaceIndex : 5
Manufacturer : Marvell Semiconductors, Inc.
MACAddress : 28:16:A8:4B:B0:7C
Speed : 9223372036854775807
NetConnectionID : WLAN
NetConnectionStatus : 7
PNPDeviceID : PCI\VEN_11AB&DEV_2B38&SUBSYS_045E0007&REV_00\4&32FA7CC7&0&00E0
ServiceName : mrvlpcie8897
AdapterType : 以太网 802.3
Caption : [00000004] Hyper-V Virtual Ethernet Adapter
GUID : {9AFFA7F3-DFD9-47AC-9345-9FB5F5DDFF28}
Index : 4
InterfaceIndex : 16
Manufacturer : Microsoft
MACAddress : 00:15:5D:2C:C4:64
Speed : 10000000000
NetConnectionID : vEthernet (WLAN)
NetConnectionStatus : 2
PNPDeviceID : ROOT\VMS_MP\0000
ServiceName : VMSNPXYMP
AdapterType : 以太网 802.3
Caption : [00000005] Xbox Wireless Adapter for Windows
GUID : {9AAE05B7-B68C-46BD-AA7D-5A61D8CDF305}
Index : 5
InterfaceIndex : 18
Manufacturer : Microsoft Corporation
MACAddress : 62:45:B5:15:9F:BB
Speed :
NetConnectionID : 本地连接
NetConnectionStatus : 2
PNPDeviceID : USB\VID_045E&PID_091E\000000000
ServiceName : mt7612US_bc
AdapterType : 以太网 802.3
Caption : [00000007] Bluetooth Device (Personal Area Network)
GUID : {05682DCB-8A87-4BB1-8822-0A2483C6F47E}
Index : 7
InterfaceIndex : 2
Manufacturer : Microsoft
MACAddress : 28:16:A8:4B:B0:7D
Speed : 3000000
NetConnectionID : 蓝牙网络连接
NetConnectionStatus : 7
PNPDeviceID : BTH\MS_BTHPAN\6&E3528ED&0&2
ServiceName : BthPan
AdapterType : 以太网 802.3
Caption : [00000017] Hyper-V Virtual Ethernet Adapter
GUID : {B440E8DE-6672-42F1-A649-97C629EC3094}
Index : 17
InterfaceIndex : 35
Manufacturer : Microsoft
MACAddress : 00:15:5D:A0:A1:48
Speed : 10000000000
NetConnectionID : vEthernet (Default Switch)
NetConnectionStatus : 2
PNPDeviceID : ROOT\VMS_MP\0001
ServiceName : VMSNPXYMP
AdapterType : 以太网 802.3
Caption : [00000019] Hyper-V Virtual Ethernet Adapter
GUID : {7A2B1A38-2CF2-4721-B63E-FB4AB49A1C31}
Index : 19
InterfaceIndex : 67
Manufacturer : Microsoft
MACAddress : 00:15:5D:61:F8:B8
Speed : 10000000000
NetConnectionID : vEthernet (WSL)
NetConnectionStatus : 2
PNPDeviceID : ROOT\VMS_MP\0002
ServiceName : VMSNPXYMP
AdapterType : 以太网 802.3
Caption : [00000020] Realtek USB FE Family Controller
GUID : {08D45BAA-CF03-49C7-9A94-C5E473279268}
Index : 20
InterfaceIndex : 4
Manufacturer : Realtek
MACAddress : 00:E0:4A:36:AE:86
Speed : 100000000
NetConnectionID : 以太网 2
NetConnectionStatus : 2
PNPDeviceID : USB\VID_0BDA&PID_8152\00E04A36AE86
ServiceName : rtux64w10
AdapterType : 以太网 802.3
Caption : [00000021] Hyper-V Virtual Ethernet Adapter
GUID : {6081ADEA-FEA8-43DE-B7E4-8BAB350AB27B}
Index : 21
InterfaceIndex : 72
Manufacturer : Microsoft
MACAddress : 00:15:5D:E9:9C:3E
Speed : 10000000000
NetConnectionID : vEthernet (以太网 2)
NetConnectionStatus : 2
PNPDeviceID : ROOT\VMS_MP\0003
ServiceName : VMSNPXYMP
AdapterType : 以太网 802.3
*************************************************
NDIS Light-Weight Filter (LWF) Info:
*************************************************
HKLM:\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\*:
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262144
ComponentId : ms_bridge
Description : @%SystemRoot%\system32\bridgeres.dll,-2
InfPath : netbrdg.inf
InfSection : Install
LocDescription : @%SystemRoot%\system32\bridgeres.dll,-2
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262184
ComponentId : ms_wfplwf_lower
Description : @%windir%\System32\drivers\wfplwfs.sys,-6006
InfPath : wfplwfs.inf
InfSection : WfpLwf_Lower_Install
LocDescription : @%windir%\System32\drivers\wfplwfs.sys,-6006
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 40
ComponentId : ms_netbios
Description : @%windir%\system32\drivers\netbios.sys,-501
InfPath : netnb.inf
InfSection : NetBIOS.ndi
LocDescription : @%windir%\system32\drivers\netbios.sys,-501
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262200
ComponentId : ms_ndiscap
Description : @%windir%\System32\drivers\ndiscap.sys,-5000
InfPath : ndiscap.inf
InfSection : Install
LocDescription : @%windir%\System32\drivers\ndiscap.sys,-5000
InstallTimeStamp : {221, 7, 12, 0...}
ComponentId : ms_server
Description : @%systemroot%\system32\srvsvc.dll,-109
InfPath : Netserv.inf
InfSection : Install.ndi
LocDescription : @%systemroot%\system32\srvsvc.dll,-109
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262144
ComponentId : vms_vsf
Description : @%windir%\System32\drivers\vmswitch.sys,-60005
InfPath : wvms_vsft.inf
InfSection : VMSVSF.ndi
LocDescription : @%windir%\System32\drivers\vmswitch.sys,-60005
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262184
ComponentId : ms_vwifi
Description : @%windir%\System32\drivers\vwififlt.sys,-105
InfPath : netvwififlt.inf
InfSection : Install
LocDescription : @%windir%\System32\drivers\vwififlt.sys,-105
InstallTimeStamp : {228, 7, 6, 0...}
Characteristics : 262144
ComponentId : INSECURE_NPCAP
Description : @oem13.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)
InfPath : oem13.inf
InfSection : FilterStandard
LocDescription : @oem13.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)
InstallTimeStamp : {228, 7, 6, 0...}
Characteristics : 262144
ComponentId : INSECURE_NPCAP_WIFI
Description : @oem13.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
InfPath : oem13.inf
InfSection : FilterWiFi
LocDescription : @oem13.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262144
ComponentId : ms_pacer
Description : @%windir%\System32\drivers\pacer.sys,-101
InfPath : netpacer.inf
InfSection : Install
LocDescription : @%windir%\System32\drivers\pacer.sys,-101
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262184
ComponentId : ms_wfplwf_upper
Description : @%windir%\System32\drivers\wfplwfs.sys,-6005
InfPath : wfplwfs.inf
InfSection : WfpLwf_Upper_Install
LocDescription : @%windir%\System32\drivers\wfplwfs.sys,-6005
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262184
ComponentId : ms_nativewifip
Description : @%windir%\System32\drivers\nwifi.sys,-101
InfPath : netnwifi.inf
InfSection : MS_NWIFI.Install
LocDescription : @%windir%\System32\drivers\nwifi.sys,-101
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262144
ComponentId : ms_wfplwf_vswitch
Description : @%windir%\System32\drivers\wfplwfs.sys,-6004
InfPath : wfplwfs.inf
InfSection : WfpLwf_vSwitch_Install
LocDescription : @%windir%\System32\drivers\wfplwfs.sys,-6004
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262184
ComponentId : ms_vfpext
Description : Microsoft Azure VFP Switch Extension
InfPath : vfpext.inf
InfSection : Install
LocDescription : Microsoft Azure VFP Switch Extension
InstallTimeStamp : {221, 7, 12, 0...}
Characteristics : 262144
ComponentId : ms_l2bridge
Description : @%SystemRoot%\System32\drivers\l2bridge.sys,-5000
InfPath : l2bridge.inf
InfSection : Install
LocDescription : @%SystemRoot%\System32\drivers\l2bridge.sys,-5000
*************************************************
File Info:
*************************************************
目录: C:\Program Files\Npcap
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2020/6/10 3:14 862 CheckStatus.bat
-a---- 2020/6/21 16:08 0 DiagReport-20200621-160805.txt
-a---- 2020/6/10 3:14 1073 DiagReport.bat
-a---- 2020/6/10 3:14 7642 DiagReport.ps1
-a---- 2020/6/10 3:14 2444 FixInstall.bat
-a---- 2020/6/18 17:37 27993 install.log
-a---- 2020/6/10 3:14 10302 LICENSE
-a---- 2020/6/13 8:16 10934 npcap.cat
-a---- 2020/6/13 8:16 8657 npcap.inf
-a---- 2020/6/13 8:16 80672 npcap.sys
-a---- 2020/6/13 5:51 2402 npcap_wfp.inf
-a---- 2020/6/13 6:02 251736 NPFInstall.exe
-a---- 2020/6/18 17:37 53413 NPFInstall.log
-a---- 2020/6/13 8:16 267856 Uninstall.exe
目录: C:\WINDOWS\System32
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2020/6/13 6:02 102232 NpcapHelper.exe
-a---- 2020/6/13 6:02 179544 Packet.dll
-a---- 2020/6/13 6:02 65368 WlanHelper.exe
-a---- 2020/6/13 6:02 434520 wpcap.dll
目录: C:\WINDOWS\System32\Npcap
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2020/6/13 6:02 102232 NpcapHelper.exe
-a---- 2020/6/13 6:02 179544 Packet.dll
-a---- 2020/6/13 6:02 65368 WlanHelper.exe
-a---- 2020/6/13 6:02 434520 wpcap.dll
*************************************************
WinPcap Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\WinPcap:
Not present.
*************************************************
Registry Info:
*************************************************
HKLM:\SOFTWARE\WOW6432Node\Npcap:
AdminOnly : 0
WinPcapCompatible : 1
(default) : C:\Program Files\Npcap
HKLM:\SYSTEM\CurrentControlSet\Services\npcap:
Type : 1
Start : 1
ErrorControl : 1
Tag : 24
ImagePath : \SystemRoot\system32\DRIVERS\npcap.sys
DisplayName : @oem13.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
Group : NDIS
Description : @oem13.inf,%NPF_Desc_Standard%;Npcap Packet Driver (NPCAP)
NdisMajorVersion : 6
NdisMinorVersion : 20
DriverMajorVersion : 0
DriverMinorVersion : 49
HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters:
NdisImPlatformBindingOptions : 0
DefaultFilterSettings : 1
LoopbackSupport : 1
DltNull : 1
Edition : Npcap
AdminOnly : 0
Dot11Support : 1
VlanSupport : 0
WinPcapCompatible : 1
HKLM:\SYSTEM\CurrentControlSet\Services\npcap_wifi:
Type : 1
Start : 4
ErrorControl : 1
Tag : 25
ImagePath : \SystemRoot\system32\DRIVERS\npcap.sys
DisplayName : @oem13.inf,%NPF_Desc_WiFi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
Group : NDIS
Description : @oem13.inf,%NPF_Desc_WiFi%;Npcap Packet Driver (NPCAP) (Wi-Fi)
NdisMajorVersion : 6
NdisMinorVersion : 20
DriverMajorVersion : 0
DriverMinorVersion : 49
HKLM:\SYSTEM\CurrentControlSet\Services\npf:
Not present.
HKLM:\SYSTEM\CurrentControlSet\Services\npf\Parameters:
Not present.
HKLM:\SYSTEM\CurrentControlSet\Services\npf_wifi:
Not present.
*************************************************
Service Info:
*************************************************
Status : Running
Name : npcap
DisplayName : Npcap Packet Driver (NPCAP)
Get-Service : 找不到任何服务名称为“npf”的服务。
所在位置 C:\Program Files\Npcap\DiagReport.ps1:211 字符: 1
+ Get-Service npf
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (npf:String) [Get-Service], ServiceCommandException
+ FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand
*************************************************
Install Info:
*************************************************
Please refer to: C:\Program Files\Npcap\install.log
install.log:
Call: 452
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Jump: 546
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Jump: 593
Jump: 622
detailprint: Current date: 2020-06-18 13:05:08
Call: 1001
Jump: 1033
Jump: 1036
detailprint: Windows CurrentVersion: 10.0.18362 (Win10)
Call: 62
Call: 1193
IfFileExists: file "C:\WINDOWS\system32\Packet.dll" does not exist, jumping 196
Call: 197
Jump: 214
Jump: 231
Call: 235
Jump: 325
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 117
Call: 1462
File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\modern-header.bmp"
File: wrote 70976 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\modern-header.bmp"
WriteINIStr: wrote [Field 1] State=0 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 715
WriteINIStr: wrote [Field 2] State=0 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 728
WriteINIStr: wrote [Field 3] State=0 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 741
WriteINIStr: wrote [Field 4] State=1 in C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini
Jump: 758
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll"
File: wrote 23712 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll"
Jump: 776
Jump: 781
New install of "Npcap 0.9994" to "C:\Program Files\Npcap"
Section: "WinPcap"
Call: 1244
detailprint: Stopping the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: wrote 71840 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
CreateDirectory: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\NPFInstall.exe"
Call: 808
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
Call: 1036
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 10302 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 267856 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1365
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1085
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 80672 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10934 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8657 to "C:\Program Files\Npcap\npcap.inf"
Jump: 1095
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2402 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1047
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
Call: 1074
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1156
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1167
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 806
Call: 1105
detailprint: Clearing Npcap entries from driver store
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
Jump: 1150
detailprint: The npcap service was successfully created
Jump: 1156
detailprint: Writing service options to registry
Call: 1190
Call: 1167
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "LoopbackSupport"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "DltNull"="0x00000001"
WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Edition"="Npcap"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Dot11Support"="0x00000001"
Jump: 1180
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "VlanSupport"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "WinPcapCompatible"="0x00000001"
Jump: 1190
Call: 1253
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004"
Call: 1221
detailprint: Starting the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll" (overwriteflag=1)
Jump: 1420
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="0.9994"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="9994"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="CheckStatus.bat"
File: wrote 862 to "C:\Program Files\Npcap\CheckStatus.bat"
detailprint: Creating npcapwatchdog scheduled task
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll" (overwriteflag=1)
Jump: 38
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll" (overwriteflag=1)
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\final.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\InstallOptions.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\modern-header.bmp")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\options.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\SimpleSC.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\gjz010\AppData\Local\Temp\nse4F48.tmp\")
Call: 452
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Jump: 546
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Jump: 593
Jump: 622
detailprint: Current date: 2020-06-18 17:37:03
Call: 1001
Jump: 1033
Jump: 1036
detailprint: Windows CurrentVersion: 10.0.19041 (Win10)
Call: 62
Call: 1193
Jump: 1209
Jump: 1221
IfFileExists: file "C:\WINDOWS\system32\Packet.dll" exists, jumping 0
Call: 80
Jump: 103
Jump: 113
Call: 117
Jump: 184
Call: 117
Jump: 173
Call: 197
Jump: 214
Jump: 231
Call: 235
Jump: 325
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 235
Call: 117
Jump: 173
Call: 117
Jump: 173
MessageBox: 292,"Npcap 0.9994 is already installed. Reinstall (possibly with different options)?"
Call: 1462
File: overwriteflag=0, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\modern-header.bmp"
File: wrote 70976 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\modern-header.bmp"
WriteINIStr: wrote [Field 1] State=0 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 715
WriteINIStr: wrote [Field 2] State=0 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 728
WriteINIStr: wrote [Field 3] State=1 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 741
WriteINIStr: wrote [Field 4] State=1 in C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini
Jump: 758
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll"
File: wrote 23712 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll"
Jump: 776
Jump: 781
New install of "Npcap 0.9994" to "C:\Program Files\Npcap"
Section: "WinPcap"
Call: 1244
detailprint: Stopping the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: wrote 71840 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
CreateDirectory: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\NPFInstall.exe"
IfFileExists: file "C:\Program Files\Npcap\uninstall.exe" exists, jumping 0
Jump: 1308
Call: 841
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: wrote 15520 to "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
Delete: "C:\Program Files\Npcap\uninstall.exe"
Delete: DeleteFile("C:\Program Files\Npcap\Uninstall.exe")
RMDir: "C:\Program Files\Npcap"
RMDir: RemoveDirectory("C:\Program Files\Npcap\")
RMDir: RemoveDirectory failed("C:\Program Files\Npcap\")
Call: 808
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
Call: 1036
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="LICENSE"
File: wrote 10302 to "C:\Program Files\Npcap\LICENSE"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.bat"
File: wrote 1073 to "C:\Program Files\Npcap\DiagReport.bat"
File: overwriteflag=0, allowskipfilesflag=2, name="DiagReport.ps1"
File: wrote 7642 to "C:\Program Files\Npcap\DiagReport.ps1"
File: overwriteflag=0, allowskipfilesflag=2, name="FixInstall.bat"
File: wrote 2444 to "C:\Program Files\Npcap\FixInstall.bat"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="Uninstall.exe"
File: wrote 267856 to "C:\Program Files\Npcap\Uninstall.exe"
Jump: 1365
File: overwriteflag=0, allowskipfilesflag=2, name="NPFInstall.exe"
File: wrote 251736 to "C:\Program Files\Npcap\NPFInstall.exe"
Call: 1085
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.sys"
File: wrote 80672 to "C:\Program Files\Npcap\npcap.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.cat"
File: wrote 10934 to "C:\Program Files\Npcap\npcap.cat"
File: overwriteflag=0, allowskipfilesflag=2, name="npcap.inf"
File: wrote 8657 to "C:\Program Files\Npcap\npcap.inf"
Jump: 1095
File: overwriteflag=0, allowskipfilesflag=2, name="npcap_wfp.inf"
File: wrote 2402 to "C:\Program Files\Npcap\npcap_wfp.inf"
detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10
Call: 1047
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1042
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 377688 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 154456 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 88920 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 55128 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
Call: 1074
CreateDirectory: "C:\WINDOWS\system32" (1)
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\WlanHelper.exe"
CreateDirectory: "C:\WINDOWS\system32\Npcap" (1)
CreateDirectory: "C:\WINDOWS\system32\Npcap" created
Call: 1069
File: overwriteflag=0, allowskipfilesflag=2, name="wpcap.dll"
File: wrote 434520 to "C:\WINDOWS\system32\Npcap\wpcap.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="Packet.dll"
File: wrote 179544 to "C:\WINDOWS\system32\Npcap\Packet.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="NpcapHelper.exe"
File: wrote 102232 to "C:\WINDOWS\system32\Npcap\NpcapHelper.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="WlanHelper.exe"
File: wrote 65368 to "C:\WINDOWS\system32\Npcap\WlanHelper.exe"
Call: 1156
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Npcap" "WinPcapCompatible"="0x00000001"
Jump: 1167
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Npcap" ""="C:\Program Files\Npcap"
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll" (overwriteflag=1)
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallString"=""C:\Program Files\Npcap\uninstall.exe""
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "QuietUninstallString"=""C:\Program Files\Npcap\uninstall.exe" /S"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayIcon"="C:\Program Files\Npcap\uninstall.exe"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "UninstallPath"="C:\Program Files\Npcap"
Call: 806
Call: 1105
detailprint: Clearing Npcap entries from driver store
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing WFP callout driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
detailprint: Installing NDIS filter driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
Jump: 1150
detailprint: The npcap service was successfully created
Jump: 1156
detailprint: Writing service options to registry
Call: 1190
Call: 1167
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "LoopbackSupport"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "DltNull"="0x00000001"
WriteRegStr: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Edition"="Npcap"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "AdminOnly"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "Dot11Support"="0x00000001"
Jump: 1180
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "VlanSupport"="0x00000000"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters" "WinPcapCompatible"="0x00000001"
Jump: 1190
Call: 1253
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap" "Start"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap_wifi" "Start"="0x00000004"
Call: 1221
detailprint: Starting the npcap driver
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll" (overwriteflag=1)
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll" (overwriteflag=1)
Jump: 1420
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayName"="Npcap"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "DisplayVersion"="0.9994"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "Publisher"="Nmap Project"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLInfoAbout"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "URLUpdateInfo"="https://www.npcap.org"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMajor"="0"
WriteRegStr: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "VersionMinor"="9994"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoModify"="0x00000001"
WriteRegDWORD: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst" "NoRepair"="0x00000001"
CreateDirectory: "C:\Program Files\Npcap" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="CheckStatus.bat"
File: wrote 862 to "C:\Program Files\Npcap\CheckStatus.bat"
detailprint: Creating npcapwatchdog scheduled task
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll"
File: skipped: "C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll" (overwriteflag=1)
Jump: 38
Call: 1462
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll"
File: skipped: "C:\Users\gjz010\
AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll" (overwriteflag=1)
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\final.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\InstallOptions.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\modern-header.bmp")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\NPFInstall.exe")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\nsExec.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\options.ini")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\SimpleSC.dll")
Delete: DeleteFile("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\gjz010\AppData\Local\Temp\nsvABFD.tmp\")
Minidump file: