IOC Report
MBII_Launcher_Setup.msi

Files

File Path
Type
Category
Malicious
MBII_Launcher_Setup.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: MBII Launcher, Author: Moviebattles Team, Keywords: Installer, Comments: This installer database contains the logic and data required to install MBII Launcher., Template: Intel;1033, Revision Number: {5A519A61-5775-494F-86D4-1E6A7DA46B2B}, Create Time/Date: Thu Mar 13 10:55:02 2025, Last Saved Time/Date: Thu Mar 13 10:55:02 2025, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
initial sample
malicious
C:\Program Files (x86)\MBII Launcher\MBIILauncher.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\MBII_Patcher.XmlSerializers.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\MBII_Patcher.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\Newtonsoft.Json.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\System.Net.Http.Formatting.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\System.Windows.Controls.Input.Toolkit.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\System.Windows.Controls.Layout.Toolkit.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\WPFToolkit.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\MBII Launcher\ndp48web.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\MSI56DD.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\Installer\MSI6CC7.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
modified
malicious
C:\Windows\Installer\MSI6CC7.tmp-\MBIILauncher_Net48_CA.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Windows\Installer\MSI6CC7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Config.Msi\6c67b6.rbs
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moviebattles II Launcher\MBII Launcher.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 13 13:54:54 2025, mtime=Thu Apr 24 20:52:57 2025, atime=Thu Mar 13 13:54:54 2025, length=1953280, window=hide
dropped
C:\Users\Public\Desktop\MBII Launcher.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 13 13:54:54 2025, mtime=Thu Apr 24 20:52:57 2025, atime=Thu Mar 13 13:54:54 2025, length=1953280, window=hide
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
CSV text
dropped
C:\Windows\Installer\6c67b5.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: MBII Launcher, Author: Moviebattles Team, Keywords: Installer, Comments: This installer database contains the logic and data required to install MBII Launcher., Template: Intel;1033, Revision Number: {5A519A61-5775-494F-86D4-1E6A7DA46B2B}, Create Time/Date: Thu Mar 13 10:55:02 2025, Last Saved Time/Date: Thu Mar 13 10:55:02 2025, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
dropped
C:\Windows\Installer\6c67b7.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: MBII Launcher, Author: Moviebattles Team, Keywords: Installer, Comments: This installer database contains the logic and data required to install MBII Launcher., Template: Intel;1033, Revision Number: {5A519A61-5775-494F-86D4-1E6A7DA46B2B}, Create Time/Date: Thu Mar 13 10:55:02 2025, Last Saved Time/Date: Thu Mar 13 10:55:02 2025, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
dropped
C:\Windows\Installer\MSI695B.tmp
data
dropped
C:\Windows\Installer\MSI6CC7.tmp-\CustomAction.config
XML 1.0 document, ASCII text
dropped
C:\Windows\Installer\SourceHash{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}\Icon
MS Windows icon resource - 3 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF090A5B5610665CBB.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF1892603CB1E8E91A.TMP
data
dropped
C:\Windows\Temp\~DF4F920592910A3214.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF74A106C135A0907A.TMP
data
dropped
C:\Windows\Temp\~DF916D3866EA37FB49.TMP
data
dropped
C:\Windows\Temp\~DFA47D00D08E2120D3.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFB0B112949C7D1FA9.TMP
data
dropped
C:\Windows\Temp\~DFBCDE24EA8995C734.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFEC0C97BC90A376AB.TMP
data
dropped
C:\Windows\Temp\~DFF21B531E46D68FF6.TMP
data
dropped
C:\Windows\Temp\~DFF2BE7CCB44C7CF0E.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFF6523E2A9F02274E.TMP
data
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\MBII_Launcher_Setup.msi"
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 0E678525780BF4B6AB7EB041428B7135 C
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 105D80CEB2F9369D290097623B1B0610
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI6CC7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_7105984 2 MBIILauncher_Net48_CA!MBIILauncher_Net48_CA.CustomActions.DownloadAndInstallNet48

URLs

Name
IP
Malicious
https://www.newtonsoft.com/json
unknown
http://wixtoolset.org/releases/
unknown
https://patcher.moviebattles.org
unknown
https://www.nuget.org/packages/Newtonsoft.Json.Bson
unknown
http://wixtoolset.org
unknown
http://wixtoolset.org/news/
unknown
http://www.codeplex.com/wpf
unknown
http://james.newtonking.com/projects/json
unknown
https://www.asp.net
unknown
https://www.newtonsoft.com/jsonschema
unknown
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
unknown
https://github.com/JamesNK/Newtonsoft.Json
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\6c67b6.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\6c67b6.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8BA80831F7A86246938C68E48992174
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8F63685C2C6625428CC9E9831308DD1
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20EB6DEC6857A1F44890840EF7663C0B
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC96925E5807F2B43921D9C7A5DF6E66
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE855F293E52E3B46886C7B5840B8E73
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DBBC81F61D54CA42B06E30DF07FD615
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7825F3D739FF24C488450313F4296693
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\091C2C5BFF8AF5549947A22A855B4690
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26CFB7D1A2ADEC44C8873165A90B0DBB
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D7F963200BDEFA4BAE01F06F95AE4C1
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CB17DE97D70E7A438AB128E5ADB97A9
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files (x86)\MBII Launcher\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moviebattles II Launcher\
HKEY_CURRENT_USER\SOFTWARE\Moviebattles Team\MBII Launcher
installed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
LocalPackage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\80A4A2769C1E4CA49AE9219454E4B405
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\InstallProperties
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5652CFAF-3F60-41EE-A878-DE92DAA0D0B3}
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\FAFC256506F3EE148A87ED29AD0A0D3B
ProductFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\Features
ProductFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FAFC256506F3EE148A87ED29AD0A0D3B\Patches
AllPatches
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
Assignment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
AdvertiseFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
ProductIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
AuthorizedLUAApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
DeploymentFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\80A4A2769C1E4CA49AE9219454E4B405
FAFC256506F3EE148A87ED29AD0A0D3B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B\SourceList
PackageName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B\SourceList\Net
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B\SourceList\Media
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B
Clients
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FAFC256506F3EE148A87ED29AD0A0D3B\SourceList
LastUsedSource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration

Memdumps

Base Address
Regiontype
Protect
Malicious