Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

setup.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {1E282293-F569-4B57-A204-E05DDA8D05B2}, Number of Words: 10, Subject: App x installer, Author: Coors Q Corporation, Name of Creating Application: App x installer, Template: x64;2057, Comments: This installer database contains the logic and data required to install App x installer., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Dec 21 08:40:04 2024, Last Saved Time/Date: Sat Dec 21 08:40:04 2024, Last Printed: Sat Dec 21 08:40:04 2024, Number of Pages: 450

initial sample

C:\Users\user\AppData\Local\Temp\msi55F6.txt

Unicode text, UTF-16, little-endian text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\pss55F9.ps1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scr55F7.ps1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Config.Msi\682051.rbs

data

modified

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjgd5omh.5xq.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrrd2zww.oet.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\BCUninstaller.exe

PE32+ executable (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\UnRar.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-console-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-datetime-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-debug-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-errorhandling-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-file-l2-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-handle-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-heap-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-interlocked-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-libraryloader-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-localization-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-memory-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-namedpipe-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processenvironment-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-processthreads-l1-1-1.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-profile-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-rtlsupport-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-string-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-synch-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-sysinfo-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-timezone-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-core-util-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-conio-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-convert-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-environment-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\api-ms-win-crt-filesystem-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_date_time.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_filesystem.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_program_options.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_regex.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_system.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\boost_threads.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvacore.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\dvaunittesting.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ghiuoqfj.rar

RAR archive data, v5

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\msvcp140.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat

DOS batch file, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\classes.jsa

data

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\classes_nocoops.jsa

data

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\java.datatransfer.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\java.desktop.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\java.instrument.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\java.logging.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\java.management.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\utest.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\vcruntime140.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\vcruntime140_1.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Microsoft\Installer\{9323EC13-B736-45ED-8845-7358C228FF45}\icon_22.exe

MS Windows icon resource - 7 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel

dropped

C:\Windows\Installer\68204f.msi

dropped

C:\Windows\Installer\682052.msi

dropped

C:\Windows\Installer\MSI29D5.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI2AD0.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI2B0F.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI2B3F.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI2B8E.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI2BCE.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI2BFE.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI4A06.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI5590.tmp

data

dropped

C:\Windows\Installer\MSI55A1.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\SourceHash{9323EC13-B736-45ED-8845-7358C228FF45}

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Installer\inprogressinstallinfo.ipi

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Windows\System32\wbem\Performance\WmiApRpl_new.h

ASCII text, with CRLF line terminators

dropped

C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini

Unicode text, UTF-16, little-endian text, with CRLF line terminators

modified

C:\Windows\Temp\~DF05964E7DC495F044.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DF0EC2EA038AE7EA34.TMP

data

dropped

C:\Windows\Temp\~DF29F784B12D4340C7.TMP

data

dropped

C:\Windows\Temp\~DF40FE44FE3FCFCF29.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DF518574BEBB17DA44.TMP

data

dropped

C:\Windows\Temp\~DFA40D511CD4807B1E.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFC00E80CFD125019D.TMP

data

dropped

C:\Windows\Temp\~DFC789578337D11947.TMP

data

dropped

C:\Windows\Temp\~DFDE1B683AE77A0F1F.TMP

data

dropped

C:\Windows\Temp\~DFE0827AA7176D08B4.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFF78FD8D9E4051391.TMP

data

dropped

C:\Windows\Temp\~DFFD19157CFEB7B480.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\system32\wbem\Performance\WmiApRpl.h (copy)

ASCII text, with CRLF line terminators

dropped

\Device\ConDrv

ASCII text, with CRLF line terminators

dropped

There are 85 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CFC4A735AC50180D686C8F7014EE44E3

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss55F9.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi55F6.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr55F7.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr55F8.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\suriqk.bat" "C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe""

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe

"C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\createdump.exe"

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe

"C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\ImporterREDServer.exe"

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\wbem\WMIADAP.exe

wmiadap.exe /F /T /R

There are 2 hidden processes, click here to show them.

URLs

Name

Malicious

https://cubermo.com/updater.php

172.67.164.25

http://nuget.org/NuGet.exe

unknown

http://crl.micro

unknown

http://pesterbdd.com/images/Pester.png

unknown

https://aka.ms/pscore6lB

unknown

http://www.apache.org/licenses/LICENSE-2.0.html

unknown

https://go.micro

unknown

https://contoso.com/

unknown

https://nuget.org/nuget.exe

unknown

https://contoso.com/License

unknown

https://contoso.com/Icon

unknown

http://schemas.mick

unknown

http://xml.org/sax/features/external-general-entitieshttp://xml.org/sax/features/external-parameter-

unknown

https://aka.ms/winui2/webview2download/Reload():

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://cubermo.com/updater.phpx

unknown

https://github.com/Pester/Pester

unknown

There are 7 hidden URLs, click here to show them.

Domains

Name

Malicious

cubermo.com

172.67.164.25

Details

Name:	cubermo.com
IP:	172.67.164.25
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Msiexec Initiated Connection	System Summary
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

172.67.164.25

cubermo.com

United States

Details

IP:	172.67.164.25
TargetID:	3
Current Path:	C:\Windows\SysWOW64\msiexec.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	cubermo.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Msiexec Initiated Connection	System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Config.Msi\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

C:\Config.Msi\682051.rbs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

C:\Config.Msi\682051.rbsLow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Microsoft\Installer\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E443C93FE38A0674D88A2F672090B5F4

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\187E38CB2ED78A74793CE2C69CCBDA28

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E7EE285D6BCFBB0488FD8D57166FADAC

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\51125544FAB230246BBFE149506FE373

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\065A82ED1E5E5304C83A443964682A94

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\89B93D30BB7E2604DB2903D746A2C51F

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3E23C972A00A3154A9B83D89A4146ABF

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\574D5B86D91DF25448D9F526CAAE9C9D

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\14BA7B05AF5C8754DA7B962E06A867B6

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9B5AF4DE1AB2060489B6AE7B3EA194D6

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\49982E48A3B4BC04FA606F6079F49621

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C66308C74B87A2543A43E47D5062F642

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\23FCC08CDC982854E8B3DC110D4BA6F0

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\4E53B16B1EB817146BB92E24C39E71F9

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EE69BDDFD74852B4581B566E26FC368A

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\DE8D80696CE804542B23A42863608F26

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D8E6B71400CBD04BBD221D5C7C12CE1

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9737E2B1877BA2647A4AC547869EDF03

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\65624D8381D30F249B874F58E818676E

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1D6B9F26743114741949E7CBD0850B50

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\876E9D03A3628184781AD86C940640F7

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\281AF9D8612EF2E47BDAFD353EBB66DB

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\D63B3F7EA8654C24FB42180178BBBF34

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C04D16F8CDF5F4543AC9A3616BA42840

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\74BFD8668DF9CDF4DAE798C67C0F5E07

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E84195AD854B9A744A14CCC0101E24CE

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1DD769335A51CEF409558BD4F1FD0D16

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\A90F39F166BA2EA44BC33F5B99568A56

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\448F614546145E44A8D80DE268772838

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\05FD0BAA4CB2CD9439DCE5CDE594202A

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\314863730BAF8734C8564E85B3A047C8

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EA86D228823216D438705787F640D3A5

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6B5745FE5D94C414FA11D00F7E2AB400

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6B581FFC20289EB4099D141CDE7359BB

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\99506DC9F6A09D640842631E2BC2AC70

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\210EE68B5FD50E34281311DD8E8CA8CE

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BF72C907D7DD14443B547200FB74B315

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E7F5D6A9A9F5C584282653FB24AE4CCB

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\B218C6F033F3D9F4E9F7F1687CFC5E4E

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\ECEF6DC4638DFEF4686CB4AA8C90A457

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\799575847269DFB4B90DB80E9AE3F513

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9AB49572650F2254CB98AFD3B7DA9B2E

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1DA51AE393E3A2E44AD642274DF874C9

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EE9277BB1523DD045952C0B8CCCF2CF8

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\27B23E0DE8354FA4984FE3E6EA64A0DA

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E053C72B9492790418B6BC8963A132B1

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\418D33948A06A3141BB101F3E34641AE

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\30E3084F57A08354080B6375A86D0459

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\57D46BCA90CDE574793A997F4D70B5FE

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BE3F70CAE98AB094E896B57BD601796E

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E571FA2CC5C29C246B485717ABC8D733

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6518C1A5576E11E4FBC0C0E45F2E3C59

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Coors Q Corporation\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Coors Q Corporation\App x installer\una_front\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Microsoft\Installer\{9323EC13-B736-45ED-8845-7358C228FF45}\

HKEY_CURRENT_USER\SOFTWARE\Coors Q Corporation\App x installer

Version

HKEY_CURRENT_USER\SOFTWARE\Coors Q Corporation\App x installer

Path

HKEY_CURRENT_USER\SOFTWARE\Coors Q Corporation\App x installer

CivineQuiteLic

HKEY_CURRENT_USER\SOFTWARE\Coors Q Corporation\App x installer\Durox

Ver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

LocalPackage

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

AuthorizedCDFPrefix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Comments

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Contact

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

DisplayVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

HelpLink

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

HelpTelephone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

InstallDate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

InstallLocation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

InstallSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

ModifyPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

NoModify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

NoRepair

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Publisher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Readme

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Size

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

UninstallString

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

URLInfoAbout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

URLUpdateInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

VersionMajor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

VersionMinor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

WindowsInstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

AuthorizedCDFPrefix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Comments

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Contact

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

DisplayVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

HelpLink

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

HelpTelephone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

InstallDate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

InstallLocation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

InstallSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

ModifyPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

NoModify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

NoRepair

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Publisher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Readme

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Size

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

UninstallString

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

URLInfoAbout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

URLUpdateInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

VersionMajor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

VersionMinor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

WindowsInstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\89FF345CAA631E247984F173355299DC

31CE3239637BDE54885437852C82FF54

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\InstallProperties

DisplayName

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9323EC13-B736-45ED-8845-7358C228FF45}

DisplayName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\31CE3239637BDE54885437852C82FF54

MainFeature

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\Features

MainFeature

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\31CE3239637BDE54885437852C82FF54\Patches

AllPatches

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

ProductName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

PackageCode

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

Language

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

Version

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

Assignment

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

AdvertiseFlags

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

ProductIcon

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

InstanceType

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

AuthorizedLUAApp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

DeploymentFlags

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\89FF345CAA631E247984F173355299DC

31CE3239637BDE54885437852C82FF54

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54\SourceList

PackageName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54\SourceList\Net

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54\SourceList\Media

DiskPrompt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54\SourceList\Media

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54

Clients

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\31CE3239637BDE54885437852C82FF54\SourceList

LastUsedSource

There are 129 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7530000

heap

page read and write

6D9E000

stack

page read and write

F40000

heap

page read and write

ED0000

trusted library allocation

page read and write

4D50000

heap

page execute and read and write

518B000

trusted library allocation

page read and write

7FF8BFB61000

unkown

page read and write

7FF7482BC000

unkown

page write copy

140013000

unkown

page readonly

7391000

heap

page read and write

C49000

heap

page read and write

75F9000

trusted library allocation

page read and write

558577D000

stack

page read and write

82A0000

heap

page read and write

6EEE000

stack

page read and write

7FF8B91A7000

unkown

page readonly

7720000

trusted library allocation

page read and write

56D0000

trusted library allocation

page read and write

1B0000

heap

page read and write

8320000

trusted library allocation

page read and write

960000

heap

page read and write

728E000

stack

page read and write

1D5A53F0000

heap

page read and write

74E9000

heap

page read and write

7FF7482B1000

unkown

page execute read

14C000

stack

page read and write

6F8E000

stack

page read and write

7544000

heap

page read and write

4CEE000

stack

page read and write

14001B000

unkown

page readonly

140013000

unkown

page read and write

7509000

heap

page read and write

4C6E000

stack

page read and write

30C7000

heap

page read and write

7FF7482B0000

unkown

page readonly

700E000

stack

page read and write

F20000

trusted library allocation

page read and write

704D000

stack

page read and write

763E000

stack

page read and write

5585A7F000

stack

page read and write

EE0000

trusted library allocation

page read and write

EC0000

trusted library allocation

page read and write

140001000

unkown

page execute read

6E6D000

stack

page read and write

825E000

stack

page read and write

140001000

unkown

page execute read

77C0000

trusted library allocation

page read and write

7730000

trusted library allocation

page read and write

1D5A53D0000

heap

page read and write

9F0000

heap

page read and write

30C0000

heap

page read and write

8AC000

stack

page read and write

5A0000

heap

page read and write

75A0000

trusted library allocation

page read and write

4DC2000

trusted library allocation

page read and write

5AC000

heap

page read and write

708E000

stack

page read and write

7750000

trusted library allocation

page read and write

751E000

heap

page read and write

752A000

heap

page read and write

7357000

trusted library allocation

page read and write

140014000

unkown

page readonly

2FF0000

trusted library allocation

page read and write

75F0000

trusted library allocation

page read and write

180429000

unkown

page write copy

C94000

heap

page read and write

ED4000

trusted library allocation

page read and write

140000000

unkown

page readonly

82C0000

trusted library allocation

page read and write

8200000

trusted library allocation

page read and write

4CAF000

stack

page read and write

DF6000

heap

page read and write

7780000

trusted library allocation

page read and write

7FF7482B1000

unkown

page execute read

180428000

unkown

page read and write

70CE000

stack

page read and write

E3E000

stack

page read and write

7580000

trusted library allocation

page read and write

5D89000

trusted library allocation

page read and write

3000000

heap

page read and write

82D0000

heap

page read and write

14001A000

unkown

page read and write

2FD8000

trusted library allocation

page read and write

1D5A5200000

heap

page read and write

77E0000

trusted library allocation

page read and write

1D5A55E0000

heap

page read and write

7FF8B9121000

unkown

page execute read

7521000

heap

page read and write

6FCA000

stack

page read and write

6F40000

heap

page execute and read and write

4D61000

trusted library allocation

page read and write

F00000

trusted library allocation

page read and write

7700000

trusted library allocation

page read and write

E80000

heap

page read and write

C10000

heap

page read and write

7350000

trusted library allocation

page read and write

74A0000

heap

page read and write

180426000

unkown

page write copy

75E5000

trusted library allocation

page read and write

8ED000

stack

page read and write

ED3000

trusted library allocation

page execute and read and write

55858FF000

stack

page read and write

7FF8B9175000

unkown

page read and write

5391000

trusted library allocation

page read and write

82B0000

trusted library allocation

page execute and read and write

1D5A520B000

heap

page read and write

5A9000

heap

page read and write

C3D000

heap

page read and write

72CE000

stack

page read and write

7532000

heap

page read and write

7760000

trusted library allocation

page read and write

14001B000

unkown

page readonly

7FF8B9176000

unkown

page readonly

7FF7482BD000

unkown

page readonly

74C2000

heap

page read and write

4C2E000

stack

page read and write

7FF8B91A3000

unkown

page read and write

7FF8B9120000

unkown

page readonly

1802BD000

unkown

page readonly

7480000

heap

page read and write

1802BB000

unkown

page read and write

F05000

trusted library allocation

page execute and read and write

C98000

heap

page read and write

74F5000

heap

page read and write

C18000

heap

page read and write

4EB6000

trusted library allocation

page read and write

7597000

trusted library allocation

page read and write

70D0000

heap

page read and write

7FF7482B0000

unkown

page readonly

7FF7482BC000

unkown

page read and write

7790000

trusted library allocation

page read and write

6DDE000

stack

page read and write

7360000

heap

page execute and read and write

8E9000

stack

page read and write

7590000

trusted library allocation

page read and write

77A0000

trusted library allocation

page read and write

180479000

unkown

page readonly

81D0000

heap

page read and write

753C000

heap

page read and write

77B0000

trusted library allocation

page read and write

77F0000

trusted library allocation

page execute and read and write

7FF7482BD000

unkown

page readonly

720E000

stack

page read and write

6F45000

heap

page execute and read and write

7FF7482B8000

unkown

page readonly

829F000

stack

page read and write

5D69000

trusted library allocation

page read and write

D09000

heap

page read and write

7FF8BFB66000

unkown

page read and write

7770000

trusted library allocation

page read and write

9AD000

stack

page read and write

74FB000

heap

page read and write

7FF8BFB50000

unkown

page readonly

767E000

stack

page read and write

308E000

stack

page read and write

5DCB000

trusted library allocation

page read and write

F02000

trusted library allocation

page read and write

74EF000

heap

page read and write

EE9000

trusted library allocation

page read and write

7FF7482B8000

unkown

page readonly

5424000

trusted library allocation

page read and write

4D2F000

stack

page read and write

1D5A51F0000

heap

page read and write

7FF8B91A4000

unkown

page write copy

304E000

stack

page read and write

E7F000

stack

page read and write

2FD0000

trusted library allocation

page read and write

180000000

unkown

page readonly

C8B000

heap

page read and write

77D0000

trusted library allocation

page read and write

76FD000

stack

page read and write

F30000

heap

page readonly

180001000

unkown

page execute read

14001A000

unkown

page write copy

140000000

unkown

page readonly

6EAB000

stack

page read and write

7740000

trusted library allocation

page read and write

7FF8BFB67000

unkown

page readonly

76BE000

stack

page read and write

724E000

stack

page read and write

7FF8BFB51000

unkown

page execute read

500F000

trusted library allocation

page read and write

558C000

trusted library allocation

page read and write

8210000

trusted library allocation

page read and write

7710000

trusted library allocation

page execute and read and write

DF0000

heap

page read and write

EDD000

trusted library allocation

page execute and read and write

190000

heap

page read and write

9EE000

stack

page read and write

4BEC000

stack

page read and write

F50000

trusted library allocation

page execute and read and write

749B000

heap

page read and write

5D61000

trusted library allocation

page read and write

7FF8BFB62000

unkown

page readonly

6F2F000

stack

page read and write

There are 185 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
setup.msi

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportsetup.msi

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
setup.msi