Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DE-1550 Installer v1.03_rev1 07-23-2018.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {F6296E9E-3D64-43FF-B0A4-736C96B15080}, Title: DE-1550 Installer, Author: Altronic LLC, Number
of Words: 2, Last Saved Time/Date: Tue Jul 24 03:15:26 2018, Last Printed: Tue Jul 24 03:15:26 2018
|
initial sample
|
||
|
C:\Config.Msi\118801c.rbs
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic DE-1550.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic DE-1550.exe.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Altronic.ico
|
MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\DEFAULT.afd
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\DEFAULT.pgd
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\DEFAULT.trd
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CFG58FB.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CFG8182.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI584F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI591B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}\_8FE7F6AC6251280AFC5837.exe
|
MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC\DE-1550\DE-1550.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:25:52
1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\Windows\Installer\118801b.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {F6296E9E-3D64-43FF-B0A4-736C96B15080}, Title: DE-1550 Installer, Author: Altronic LLC, Number
of Words: 2, Last Saved Time/Date: Tue Jul 24 03:15:26 2018, Last Printed: Tue Jul 24 03:15:26 2018
|
dropped
|
||
|
C:\Windows\Installer\118801d.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {F6296E9E-3D64-43FF-B0A4-736C96B15080}, Title: DE-1550 Installer, Author: Altronic LLC, Number
of Words: 2, Last Saved Time/Date: Tue Jul 24 03:15:26 2018, Last Printed: Tue Jul 24 03:15:26 2018
|
dropped
|
||
|
C:\Windows\Installer\MSI80E6.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI81A2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI8211.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF164F575F959CA334.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF1AD6B9B44D290FF8.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF22D2B4B04A4971FD.TMP
|
data
|
modified
|
||
|
C:\Windows\Temp\~DF23FA9ACE23FCD44B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF7B53429BE2301499.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF8B370F716CC75002.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA27904E46FB322E6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFAC25A1076C4CE445.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB0DDA37AD60475C1.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFC2CAB2504A990051.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFD60CD8828C653DCD.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFEBA6A2164AD9C55F.TMP
|
data
|
dropped
|
There are 24 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\DE-1550 Installer v1.03_rev1 07-23-2018.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 84DA78192880581D6829482FFD39CF6A C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding C6401D95ECC4BE08AAC131C3978679E2
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\118801c.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\118801c.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\E096EEBFAC363219439244E85DC23A35
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\EA1B9AD625CEE4465A126CAC43C59AA2
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\BA93911546643F9FC9CAD789D1D873C4
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\7B828B9B55EE98380DCE4434C78C2547
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\8FD1148781BD47749A4F5A6D0DAD87C7
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\7640B7F7A0E82F0A0CF020DCE830A3D5
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Components\265FAB29EC43967713368A7FDF22BF9A
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Altronic LLC\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Altronic LLC\Altronic DE-1550\Configuration Files\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC\DE-1550\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altronic LLC\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F949D595FC68D4B459DF80F17A4DBA21
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78411DF8-DB18-4774-A9F4-A5D6D0DA787C}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Assemblies\C:|Program Files (x86)|Altronic LLC|Altronic DE-1550|Altronic DE-1550.exe
|
Altronic DE-1550,Version="1.0.0.7",Culture="neutral",ProcessorArchitecture="x86"
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\8FD1148781BD47749A4F5A6D0DAD87C7
|
DefaultFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\Features
|
DefaultFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3425316567-2969588382-3778222414-1001\Products\8FD1148781BD47749A4F5A6D0DAD87C7\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\F949D595FC68D4B459DF80F17A4DBA21
|
8FD1148781BD47749A4F5A6D0DAD87C7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\8FD1148781BD47749A4F5A6D0DAD87C7\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
|
SppGetSnapshots (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
|
SppGetSnapshots (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
|
SppEnumGroups (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
|
SppEnumGroups (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
|
NestingLevel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
|
StartNesting
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile
|
NestingLevel
|
There are 87 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17D55D53000
|
heap
|
page read and write
|
||
|
26686E68000
|
heap
|
page read and write
|
||
|
5CCD9F8000
|
stack
|
page read and write
|
||
|
17D55F30000
|
heap
|
page read and write
|
||
|
26686E02000
|
unkown
|
page read and write
|
||
|
26686E00000
|
unkown
|
page read and write
|
||
|
26686E13000
|
unkown
|
page read and write
|
||
|
26686D30000
|
heap
|
page read and write
|
||
|
26686CC0000
|
heap
|
page read and write
|
||
|
17D55BA0000
|
heap
|
page read and write
|
||
|
5CCDB79000
|
stack
|
page read and write
|
||
|
17D55D24000
|
heap
|
page read and write
|
||
|
26686E54000
|
heap
|
page read and write
|
||
|
5CCD5ED000
|
stack
|
page read and write
|
||
|
26686E71000
|
heap
|
page read and write
|
||
|
17D55DE0000
|
heap
|
page read and write
|
||
|
83EDCFF000
|
stack
|
page read and write
|
||
|
83ED74D000
|
stack
|
page read and write
|
||
|
17D55E70000
|
heap
|
page read and write
|
||
|
17D55D36000
|
heap
|
page read and write
|
||
|
26686E6F000
|
heap
|
page read and write
|
||
|
26686E2A000
|
heap
|
page read and write
|
||
|
83EDEFA000
|
stack
|
page read and write
|
||
|
83EDB7A000
|
stack
|
page read and write
|
||
|
17D55CE0000
|
heap
|
page read and write
|
||
|
26686E6D000
|
heap
|
page read and write
|
||
|
26687213000
|
heap
|
page read and write
|
||
|
17D55F35000
|
heap
|
page read and write
|
||
|
17D55CE8000
|
heap
|
page read and write
|
||
|
26687202000
|
heap
|
page read and write
|
||
|
17D55D1D000
|
heap
|
page read and write
|
||
|
26686F02000
|
trusted library allocation
|
page read and write
|
||
|
17D55CF3000
|
heap
|
page read and write
|
||
|
26686E3A000
|
heap
|
page read and write
|
||
|
26686F15000
|
trusted library allocation
|
page read and write
|
||
|
26686F00000
|
trusted library allocation
|
page read and write
|
||
|
5CCDA7E000
|
stack
|
page read and write
|
||
|
26686E11000
|
unkown
|
page read and write
|
||
|
26686E1A000
|
unkown
|
page read and write
|
||
|
17D55D55000
|
heap
|
page read and write
|
||
|
26686D60000
|
trusted library allocation
|
page read and write
|
||
|
26686E3D000
|
heap
|
page read and write
|
||
|
26686E1C000
|
unkown
|
page read and write
|
There are 33 hidden memdumps, click here to show them.