I think this is what is needed.
technet.microsoft.com/en-us/sysinternals/bb896645.aspx
en.wikipedia.org/wiki/Process_Monitor

There is a special SysTracer utility specifically designed to track changes in the system by comparing two "system snapshots" - before and after. As a result, we get data presented in a convenient form on changes in the three categories “Registry”, “Files”, “Other settings” (n / a group policies, system utilities trace aka netsh)
(Honestly, I’ll tell you that it doesn’t collect everything, although in most cases it is enough)
And if you are “fighting the defense of evil”, then some tricks are used there that cannot be set on fire with an ordinary trace :)
Otherwise, everything would be very simple, in this case, the most useful tool, in which I support member l0calh0st ,
this is Process Monitorfrom Sysinternals is exactly what you need. (These guys use, apparently, some undocumented features, Mark Russinovich knows a lot :) ) And it is extremely difficult to hide any movements from this utility, if it is configured correctly. (Although it's possible, I know how, but I won't tell you - because it's not her)
PS: The only thing is to carefully read the documentation regarding filtering, since Process Monitor by default logs all events. First of all, you need to target it to the installer process ID, as well as (if it is not used during the installation process, disable the network dump, there is a lot of “garbage” in it that makes it hard to figure it out).

Ashampoo UnInstaller is a special utility for tracking the installation of programs and cleaning up the remaining garbage from them.
The monitor process from Sysinternals is not suitable for this purpose. it only logs the actions of the program and gives a stupidly raw list of actions at the output.

For the registry, there is good old RegShot . There is a Sandboxie
sandbox - you can try to install the program in it and use SandboxDiff . Maybe there is another option here. In some cases, you can gut the installer with UniExtract .