Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Fire\Gravity\Star Help.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Apr 24 12:23:10 2005, length=185175, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Fireworks Readme.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Jan 30 10:28:22 2011, length=11618, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Fireworks.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Fri May 1 20:51:56 2009, length=991232, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Galaxies Readme.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Jan 30 10:23:40 2011, length=11385, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Galaxies.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:36
2024, mtime=Sun Apr 28 23:24:36 2024, atime=Sun Jan 30 09:26:54 2011, length=1466368, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Galaxy Help.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Jun 29 12:02:00 2003, length=209090, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Gravity Wells Readme.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Jan 30 10:29:24 2011, length=11004, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Gravity Wells.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Fri May 1 20:52:04 2009, length=827392, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Light Help.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Apr 24 06:56:02 2005, length=123726, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Light Readme.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Jan 30 10:29:46 2011, length=9123, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Light.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:36
2024, mtime=Sun Apr 28 23:24:36 2024, atime=Mon Nov 15 05:23:16 2010, length=933888, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Starfields Readme.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Sun Jan 30 10:30:14 2011, length=10635, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Starfields.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Fri May 1 20:52:08 2009, length=831488, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\MBSS Website.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Thu Jun 9 04:45:16 2005, length=62, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MBSS All Products\Uninstall MBSS All Products.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:36
2024, mtime=Sun Apr 28 23:24:36 2024, atime=Sun Apr 28 23:23:54 2024, length=699674, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-2J8KK.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-2J8KK.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-2J8KK.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-3U7SU.tmp\SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\MBSS Fireworks.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Fri May 1 20:51:56 2009, length=991232, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\MBSS Galaxies.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:36
2024, mtime=Sun Apr 28 23:24:36 2024, atime=Sun Jan 30 09:26:54 2011, length=1466368, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\MBSS Gravity Wells.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Fri May 1 20:52:04 2009, length=827392, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\MBSS Light.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:36
2024, mtime=Sun Apr 28 23:24:36 2024, atime=Mon Nov 15 05:23:16 2010, length=933888, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\MBSS Starfields.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Apr 28 23:24:37
2024, mtime=Sun Apr 28 23:24:37 2024, atime=Fri May 1 20:52:08 2009, length=831488, window=hide
|
dropped
|
||
|
C:\Windows\MBSS All Products\is-TTH1H.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\MBSS All Products\unins000.dat
|
InnoSetup Log MBSS All Products, version 0x30, 7405 bytes, 724536\user, "C:\Windows\MBSS All Products"
|
dropped
|
||
|
C:\Windows\MBSS All Products\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Fireworks Readme.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Fireworks.scr (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Galaxies Readme.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Galaxies.scr (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Galaxy.hlp (copy)
|
MS Windows 3.1 help, Mon Jun 30 00:02:10 2003, 209090 bytes
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Gravity Wells Readme.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Gravity Wells.scr (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Light Readme.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Light.hlp (copy)
|
MS Windows 3.1 help, Sun Apr 24 19:56:02 2005, 123726 bytes
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Light.scr (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Starfields Readme.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS Starfields.scr (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksDecayStars8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksJetBurst8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksLaunch8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksMultiBurst8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksScintilators8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksSparkler8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksStandardBurst8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSFireworksTwisters8.wav (copy)
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSSM6.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS_Gen.hlp (copy)
|
MS Windows 3.1 help, Mon Apr 25 01:23:09 2005, 185175 bytes
|
dropped
|
||
|
C:\Windows\SysWOW64\MBSS_GoTo_MathSavers.url (copy)
|
MS Windows 95 Internet shortcut text (URL=<http://www.mathsavers.com/savers.htm>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-0OC1R.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-0QTJN.tmp
|
MS Windows 95 Internet shortcut text (URL=<http://www.mathsavers.com/savers.htm>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-188RC.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-1BOUR.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\is-24KDP.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\is-5ITG0.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-8HO2N.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\is-99LG3.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-A071M.tmp
|
MS Windows 3.1 help, Sun Apr 24 19:56:02 2005, 123726 bytes
|
dropped
|
||
|
C:\Windows\SysWOW64\is-A1AL2.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\is-AJOP0.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-CJAM5.tmp
|
MS Windows 3.1 help, Mon Jun 30 00:02:10 2003, 209090 bytes
|
dropped
|
||
|
C:\Windows\SysWOW64\is-F6CPB.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-FPQL9.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\is-JG6KC.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\is-JGPHN.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-JUSIF.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-K99HS.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-M1MRN.tmp
|
MS Windows 3.1 help, Mon Apr 25 01:23:09 2005, 185175 bytes
|
dropped
|
||
|
C:\Windows\SysWOW64\is-PB7LK.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-Q3TRV.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\is-Q8BC7.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
||
|
C:\Windows\SysWOW64\is-TC383.tmp
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, stereo 8000 Hz
|
dropped
|
There are 64 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
"rundll32.exe" desk.cpl,InstallScreenSaver C:\Windows\system32\MBSS Light.scr
|
 |
|
|
C:\Windows\SysWOW64\MBSS Light.scr
|
"C:\Windows\system32\MBSS Light.scr" /p 66834
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-3U7SU.tmp\SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.tmp
|
"C:\Users\user\AppData\Local\Temp\is-3U7SU.tmp\SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.tmp" /SL5="$1046E,1226042,57344,C:\Users\user\Desktop\SecuriteInfo.com.Win32.HLLW.Autoruner1.41577.13226.11498.exe"
|
||
|
C:\Windows\SysWOW64\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\system32\MBSS Light Readme.txt
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.mathsavers.com/buy_galaxies.htmXhttp://www.mathsavers.com/buy_starfields.htm$MBSS
|
unknown
|
||
|
http://www.mathsavers.com/savers.htm
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://www.mathsavers.com
|
unknown
|
||
|
http://www.mathsavers.com/starflds.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_starfields.htm$MBSS
|
unknown
|
||
|
http://www.mathsavers.com/faq.htm7
|
unknown
|
||
|
http://www.mathsavers.com/buy_gravwells.htmDA
|
unknown
|
||
|
http://www.mathsavers.com/register.htm
|
unknown
|
||
|
https://www.paypal.com/cgi-bin/webscr?cmd=_xclick
|
unknown
|
||
|
http://www.mathsavers.com/faq.htm
|
unknown
|
||
|
http://www.mathsavers.com2
|
unknown
|
||
|
http://www.mathsavers.com/buy_galaxies.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_starfields.htmVhttp://www.mathsavers.com/buy_gravwells.htm
|
unknown
|
||
|
http://www.mathsavers.com/paypaltip.htm
|
unknown
|
||
|
http://www.mathsavers.com/galaxy.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_gravwells.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_light.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_light.htmVhttp://www.mathsavers.com/buy_fireworks.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_fireworks.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_fireworks.htmThttp://www.mathsavers.com/buy_galaxies.htm
|
unknown
|
||
|
http://www.mathsavers.com/buy_starfields.htm
|
unknown
|
||
|
http://www.mathsavers.com/light.htm
|
unknown
|
||
|
http://www.mathsavers.com/fireworks.htm
|
unknown
|
||
|
http://www.mathsavers.com/faq.htmCurrent
|
unknown
|
||
|
http://www.mathsavers.com/gravwell.htm
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 18 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Control Panel\Desktop
|
SCRNSAVE.EXE
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\MBSSM6.dll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\MBSS Light.hlp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\MBSS Galaxy.hlp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\MBSS_Gen.hlp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\MBSS_GoTo_MathSavers.url
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Inno Setup: Selected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Inno Setup: Deselected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MBSS All Products_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@mmres.dll,-800
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@%SystemRoot%\System32\mmres.dll,-800
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@themeui.dll,-850
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@themeui.dll,-851
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@themeui.dll,-852
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@themeui.dll,-853
|
||
|
HKEY_CURRENT_USER\SOFTWARE\MBSS\Light\DirectX
|
DX_WinWidth
|
||
|
HKEY_CURRENT_USER\SOFTWARE\MBSS\Light\DirectX
|
DX_WinHeight
|
||
|
HKEY_CURRENT_USER\SOFTWARE\MBSS\Light\General
|
SaverStartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\MBSS\Light\Advanced
|
Adv_CycleStyleIndex
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2188000
|
direct allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
2DA4000
|
heap
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
2154000
|
direct allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
498E000
|
stack
|
page read and write
|
||
|
2DA4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
3315000
|
heap
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
5188000
|
direct allocation
|
page read and write
|
||
|
3324000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
4B24000
|
heap
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
30B5000
|
heap
|
page read and write
|
||
|
87E000
|
heap
|
page read and write
|
||
|
711000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
331F000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
32E9000
|
heap
|
page read and write
|
||
|
3355000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
85E000
|
heap
|
page read and write
|
||
|
335F000
|
heap
|
page read and write
|
||
|
748000
|
heap
|
page read and write
|
||
|
4A2000
|
unkown
|
page readonly
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
491000
|
unkown
|
page write copy
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
30B2000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
30AC000
|
heap
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2E8D000
|
heap
|
page read and write
|
||
|
2F08000
|
stack
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
335F000
|
heap
|
page read and write
|
||
|
30A2000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
2339000
|
heap
|
page read and write
|
||
|
70D000
|
heap
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
509C000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
3355000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
30AC000
|
heap
|
page read and write
|
||
|
2F4A000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
941000
|
heap
|
page read and write
|
||
|
2390000
|
direct allocation
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
640000
|
direct allocation
|
page execute and read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4AFF000
|
stack
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
18C000
|
stack
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
30D2000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
6E7000
|
heap
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
333A000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4F6F000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
331E000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
85F000
|
stack
|
page read and write
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2172000
|
direct allocation
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
748000
|
heap
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
30B2000
|
heap
|
page read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
99000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
494000
|
unkown
|
page write copy
|
||
|
516E000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
748000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
68B000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
30CF000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4E7000
|
unkown
|
page readonly
|
||
|
99F000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
91000
|
stack
|
page read and write
|
||
|
2170000
|
direct allocation
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
2FE5000
|
heap
|
page read and write
|
||
|
49CE000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2D81000
|
heap
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
4F5F000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
4D84000
|
heap
|
page read and write
|
||
|
2320000
|
trusted library allocation
|
page read and write
|
||
|
2DA4000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
trusted library allocation
|
page execute read
|
||
|
3342000
|
heap
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
3324000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
30B5000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
334D000
|
heap
|
page read and write
|
||
|
2390000
|
direct allocation
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
535F000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
3326000
|
heap
|
page read and write
|
||
|
30C6000
|
heap
|
page read and write
|
||
|
192000
|
stack
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
2DA3000
|
heap
|
page read and write
|
||
|
69C000
|
heap
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
2E35000
|
stack
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
2D91000
|
heap
|
page read and write
|
||
|
52DF000
|
stack
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
5177000
|
direct allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
179000
|
stack
|
page read and write
|
||
|
2174000
|
direct allocation
|
page read and write
|
||
|
4FEF000
|
stack
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
4E7000
|
unkown
|
page readonly
|
||
|
7640000
|
heap
|
page read and write
|
||
|
4A2000
|
unkown
|
page readonly
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
87B000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
2145000
|
direct allocation
|
page read and write
|
||
|
2178000
|
direct allocation
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
3355000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
51AF000
|
stack
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2C84000
|
heap
|
page read and write
|
||
|
32F7000
|
heap
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
2DA4000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
3355000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
333B000
|
heap
|
page read and write
|
||
|
2335000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
2DA2000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
3160000
|
direct allocation
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
30C6000
|
heap
|
page read and write
|
||
|
249E000
|
stack
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
56A0000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
unkown
|
page read and write
|
||
|
24D4000
|
heap
|
page read and write
|
||
|
331F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7230000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
718000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
4C6F000
|
stack
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
32E6000
|
heap
|
page read and write
|
||
|
491000
|
unkown
|
page read and write
|
||
|
2DA4000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
4F9C000
|
stack
|
page read and write
|
||
|
2080000
|
direct allocation
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
2084000
|
direct allocation
|
page read and write
|
||
|
2E79000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
717000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
There are 336 hidden memdumps, click here to show them.