Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
StretchInstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\Shelter Publications\StretchWare\StchCtrl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
 |
|
|
C:\Program Files (x86)\Shelter Publications\StretchWare\StretchHook.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\3ad364.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\Shelter Publications\StretchWare\Stretch.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Shelter Publications\StretchWare\StretchRes.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Shelter Publications\StretchWare\StretchWare.ico
|
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\StretchWare.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {F20E5EB4-1FAE-4866-A8F0-484FF0C9EC46}, Title: StretchWare, Author: Quality Process, Number
of Words: 2, Last Saved Time/Date: Wed Jan 2 21:00:23 2013, Last Printed: Wed Jan 2 21:00:23 2013
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\VSDAAAD.tmp\install.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}\_24275761ADC5B212D44AB6.exe
|
MS Windows icon resource - 2 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StretchWare\Stretch.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32
1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Windows\Installer\3ad363.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {F20E5EB4-1FAE-4866-A8F0-484FF0C9EC46}, Title: StretchWare, Author: Quality Process, Number
of Words: 2, Last Saved Time/Date: Wed Jan 2 21:00:23 2013, Last Printed: Wed Jan 2 21:00:23 2013
|
dropped
|
||
|
C:\Windows\Installer\3ad365.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {F20E5EB4-1FAE-4866-A8F0-484FF0C9EC46}, Title: StretchWare, Author: Quality Process, Number
of Words: 2, Last Saved Time/Date: Wed Jan 2 21:00:23 2013, Last Printed: Wed Jan 2 21:00:23 2013
|
dropped
|
||
|
C:\Windows\Installer\MSID586.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF2ABCACBD02624351.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF46909EA4B1ED9E92.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF4E7E7153EF1D3B16.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF4F66FA6C75604436.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5847C78C566C8B1F.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF8219D3502EFE3722.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9797F267E883C7AB.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC25266A3F7F8776D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFEE6E11B632B3D2B1.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFEEDFCB541973E719.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFF8D7448D0D1E1ACE.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFFE64E2CB70E22634.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 20 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Shelter Publications\StretchWare\StchCtrl.exe
|
"C:\Program Files (x86)\Shelter Publications\StretchWare\StchCtrl.exe"
|
|
|
|
C:\Users\user\Desktop\StretchInstall.exe
|
"C:\Users\user\Desktop\StretchInstall.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\setup.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\setup.exe
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\user\AppData\Local\Temp\IXP000.TMP\StretchWare.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.stretchware.com/
|
unknown
|
||
|
http://www.esellerate.net/privacy.asp
|
unknown
|
||
|
http://www.esellerate.net/privacy.aspCONNECTION
|
unknown
|
||
|
http://activate.esellerate.net
|
unknown
|
||
|
http://go.microsoft.c
|
unknown
|
||
|
http://activate.esellerate.net).
|
unknown
|
||
|
http://www.esellerate.net/papolicyhttp://activate.esellerate.netSelect
|
unknown
|
||
|
http://www.shelterpub.com/
|
unknown
|
||
|
http://www.stretchware.com/stretching_resources.html(http://www.stretchware.com/products.html
|
unknown
|
||
|
http://www.esellerate.net/papolicy
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\3ad364.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\3ad364.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\4B9A499C396424B5110630DF35A9FDC8
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EDAF7F362B227148B78C0B9C4575C848
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\65C6657EECAD73B8AEE0DD1B09ED309D
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3752F2D1A67AAD74BB6986061DC74CB5
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\24A6DBAB3B65969C410EE574CB5A4856
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1E55A298CB3D3EBC5AFFB311D3F6BBB1
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\8CAC189646532DB0EB08EC567D5A93DB
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\7AAAB9C64D4DB516D45729AD601DDB0C
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Shelter Publications\StretchWare\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Shelter Publications\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StretchWare\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\StretchWare\{E7566C56-DACE-8B37-EA0E-DDB190DE03D9}
|
ProgramMenuFolder
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
StretchWare StchCtrl
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\D2C91D1AA0B02994E99A44B3D8781A66
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D2F2573-A76A-47DA-BB96-6860D17CC45B}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\3752F2D1A67AAD74BB6986061DC74CB5
|
DefaultFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\Features
|
DefaultFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\3752F2D1A67AAD74BB6986061DC74CB5\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\D2C91D1AA0B02994E99A44B3D8781A66
|
3752F2D1A67AAD74BB6986061DC74CB5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\3752F2D1A67AAD74BB6986061DC74CB5\SourceList
|
LastUsedSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\StretchWare
|
Installation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Mode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Clock0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Clock1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Clock2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Clock3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Clock4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Clock5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Interval
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Keys&Mice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Custom Keys
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Activation Custom Mice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Sound ON
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Sound
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
SoundPath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Sound Volume
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Use System Volume
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Flash Icon ON
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Flash Interval
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Notification Dialog ON
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
Sequence Index
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
HotKey Enable
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
HotKey Keycode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Shelter Publications\Stretch\Preferences
|
HotKey Modifiers
|
There are 104 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7DEC8FE000
|
stack
|
page read and write
|
||
|
1087000
|
unkown
|
page readonly
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
529000
|
heap
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
C63000
|
heap
|
page read and write
|
||
|
1000000
|
unkown
|
page readonly
|
||
|
D21000
|
unkown
|
page execute read
|
||
|
140000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
50E000
|
heap
|
page read and write
|
||
|
539000
|
heap
|
page read and write
|
||
|
10CB000
|
unkown
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
53C000
|
heap
|
page read and write
|
||
|
73F79000
|
unkown
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
1EA000
|
heap
|
page read and write
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
195000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
1BE000
|
stack
|
page read and write
|
||
|
56C000
|
heap
|
page read and write
|
||
|
100B000
|
unkown
|
page write copy
|
||
|
8C2000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
18976635000
|
heap
|
page read and write
|
||
|
1001000
|
unkown
|
page execute read
|
||
|
18976270000
|
heap
|
page read and write
|
||
|
100D000
|
unkown
|
page readonly
|
||
|
18976350000
|
heap
|
page read and write
|
||
|
5A2000
|
heap
|
page read and write
|
||
|
7DEC87E000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
D21000
|
unkown
|
page execute read
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
73F76000
|
unkown
|
page readonly
|
||
|
7DEC5AC000
|
stack
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
745000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
18976409000
|
heap
|
page read and write
|
||
|
6BCF1000
|
unkown
|
page execute read
|
||
|
5DB000
|
heap
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
73F7C000
|
unkown
|
page readonly
|
||
|
1000000
|
unkown
|
page readonly
|
||
|
554000
|
heap
|
page read and write
|
||
|
18976370000
|
heap
|
page read and write
|
||
|
100B000
|
unkown
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
8C1000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
10D9000
|
unkown
|
page readonly
|
||
|
4B2F000
|
stack
|
page read and write
|
||
|
532000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
50B000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
73F71000
|
unkown
|
page execute read
|
||
|
18976630000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
8C2000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
D75000
|
unkown
|
page readonly
|
||
|
8C8000
|
heap
|
page read and write
|
||
|
6BCF6000
|
unkown
|
page readonly
|
||
|
534000
|
heap
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page write copy
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
100D000
|
unkown
|
page readonly
|
||
|
1087000
|
unkown
|
page readonly
|
||
|
D75000
|
unkown
|
page readonly
|
||
|
130000
|
heap
|
page read and write
|
||
|
10D9000
|
unkown
|
page readonly
|
||
|
160000
|
heap
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
8C9000
|
heap
|
page read and write
|
||
|
52E000
|
heap
|
page read and write
|
||
|
53C000
|
heap
|
page read and write
|
||
|
10CB000
|
unkown
|
page write copy
|
||
|
6BCFA000
|
unkown
|
page readonly
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
4EC000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
6BCF8000
|
unkown
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
2356000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
2613000
|
heap
|
page read and write
|
||
|
2D90000
|
trusted library allocation
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
6BCF0000
|
unkown
|
page readonly
|
||
|
D70000
|
unkown
|
page read and write
|
||
|
56B000
|
stack
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
18977FB0000
|
heap
|
page read and write
|
||
|
F61000
|
unkown
|
page execute read
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
46A000
|
stack
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
6BE4A000
|
unkown
|
page readonly
|
||
|
740000
|
heap
|
page read and write
|
||
|
73F70000
|
unkown
|
page readonly
|
||
|
18976400000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
52E000
|
heap
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
5BF000
|
heap
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
1001000
|
unkown
|
page execute read
|
||
|
554000
|
heap
|
page read and write
|
||
|
FAF000
|
stack
|
page read and write
|
||
|
509000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
F61000
|
unkown
|
page execute read
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
13A000
|
stack
|
page read and write
|
||
|
5F3000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
D20000
|
unkown
|
page readonly
|
||
|
F30000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
35A1000
|
heap
|
page read and write
|
||
|
D20000
|
unkown
|
page readonly
|
There are 165 hidden memdumps, click here to show them.