Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

installer.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {E80F2B59-D743-41E0-8072-3664F2FD7ADC}, Number of Words: 10, Subject: Cave App, Author: Weqos Apps Industries, Name of Creating Application: Cave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Cave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Dec 26 07:05:13 2024, Last Saved Time/Date: Thu Dec 26 07:05:13 2024, Last Printed: Thu Dec 26 07:05:13 2024, Number of Pages: 450

initial sample

C:\Users\user\AppData\Local\Temp\msiB869.txt

Unicode text, UTF-16, little-endian text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\pssB87B.ps1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\scrB86A.ps1

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Config.Msi\518574.rbs

data

modified

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_03lf0y10.szl.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vi3104ba.aj5.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Roaming\Microsoft\Installer\{7A90929D-3D90-469D-B804-2FF52DD02E47}\icon_22.exe

MS Windows icon resource - 7 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\BCUninstaller.exe

PE32+ executable (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\UnRar.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-console-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-console-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-datetime-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-debug-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-errorhandling-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-file-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-file-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-file-l2-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-handle-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-heap-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-interlocked-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-libraryloader-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-localization-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-memory-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-namedpipe-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-processenvironment-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-processthreads-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-processthreads-l1-1-1.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-profile-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-rtlsupport-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-string-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-synch-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-synch-l1-2-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-sysinfo-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-timezone-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-util-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-conio-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-convert-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-environment-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-filesystem-l1-1-0.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_date_time.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_filesystem.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_program_options.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_regex.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_system.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_threads.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\createdump.exe

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\dvacore.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\dvaunittesting.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ghiuoqfj.rar

RAR archive data, v5

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\msvcp140.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\suriqk.bat

DOS batch file, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\classes.jsa

data

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\classes_nocoops.jsa

data

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.datatransfer.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.desktop.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.instrument.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.logging.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.management.jmod

Java jmod module version 1.0

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\utest.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\vcruntime140.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\vcruntime140_1.dll

PE32+ executable (DLL) (console) x86-64, for MS Windows

dropped

C:\Windows\Installer\518572.msi

dropped

C:\Windows\Installer\518575.msi

dropped

C:\Windows\Installer\MSI8D9F.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI8E0E.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI8E4D.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI8E8D.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI8EDC.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI8F0C.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI8F4B.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSIABDD.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSIB7B5.tmp

data

dropped

C:\Windows\Installer\MSIB7C6.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\SourceHash{7A90929D-3D90-469D-B804-2FF52DD02E47}

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Installer\inprogressinstallinfo.ipi

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Windows\Temp\~DF27DD58078178F818.TMP

data

dropped

C:\Windows\Temp\~DF2B5BD134BC1726B0.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DF3A0BCDFB624EF5CF.TMP

data

dropped

C:\Windows\Temp\~DF4227810B5775D01B.TMP

data

dropped

C:\Windows\Temp\~DF53012A6A44E5D2D3.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DF5B4CC7E6CB9BEE9A.TMP

data

dropped

C:\Windows\Temp\~DF63D771F9E9FC2697.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFB03C3957A770F5A3.TMP

data

dropped

C:\Windows\Temp\~DFC8BBCD8D03C5EE05.TMP

data

dropped

C:\Windows\Temp\~DFCE54E98D247B273F.TMP

data

dropped

C:\Windows\Temp\~DFD84883C4F2CAE998.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFEE9D7868015FD737.TMP

Composite Document File V2 Document, Cannot read section info

dropped

\Device\ConDrv

ASCII text, with CRLF line terminators

dropped

There are 82 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\installer.msi"

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8DC69D35C541E3685C8EA051F14BAC5D

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssB87B.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiB869.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrB86A.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrB86B.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe""

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\createdump.exe

"C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\createdump.exe"

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe

"C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe"

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

There are 1 hidden processes, click here to show them.

URLs

Name

Malicious

https://successroadway.com/updater.php

104.21.6.3

http://nuget.org/NuGet.exe

unknown

https://github.com/google/googletest/

unknown

https://successroadway.com/updater.phpx

unknown

http://crl.microK

unknown

http://pesterbdd.com/images/Pester.png

unknown

https://aka.ms/pscore6lB

unknown

http://crl.microsoft

unknown

http://www.apache.org/licenses/LICENSE-2.0.html

unknown

https://go.micro

unknown

https://contoso.com/

unknown

https://java.oracle.com/

unknown

https://nuget.org/nuget.exe

unknown

https://contoso.com/License

unknown

https://contoso.com/Icon

unknown

http://schemas.mick

unknown

http://xml.org/sax/features/external-general-entitieshttp://xml.org/sax/features/external-parameter-

unknown

https://aka.ms/winui2/webview2download/Reload():

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://github.com/Pester/Pester

unknown

There are 10 hidden URLs, click here to show them.

Domains

Name

Malicious

successroadway.com

104.21.6.3

Details

Name:	successroadway.com
IP:	104.21.6.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Msiexec Initiated Connection	System Summary
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.21.6.3

successroadway.com

United States

Details

IP:	104.21.6.3
TargetID:	3
Current Path:	C:\Windows\SysWOW64\msiexec.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	successroadway.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Msiexec Initiated Connection	System Summary
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Config.Msi\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

C:\Config.Msi\518574.rbs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

C:\Config.Msi\518574.rbsLow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Microsoft\Installer\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E443C93FE38A0674D88A2F672090B5F4

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\187E38CB2ED78A74793CE2C69CCBDA28

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E7EE285D6BCFBB0488FD8D57166FADAC

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\51125544FAB230246BBFE149506FE373

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\065A82ED1E5E5304C83A443964682A94

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\89B93D30BB7E2604DB2903D746A2C51F

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3E23C972A00A3154A9B83D89A4146ABF

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\574D5B86D91DF25448D9F526CAAE9C9D

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\14BA7B05AF5C8754DA7B962E06A867B6

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9B5AF4DE1AB2060489B6AE7B3EA194D6

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\49982E48A3B4BC04FA606F6079F49621

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C66308C74B87A2543A43E47D5062F642

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\23FCC08CDC982854E8B3DC110D4BA6F0

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\4E53B16B1EB817146BB92E24C39E71F9

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EE69BDDFD74852B4581B566E26FC368A

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\DE8D80696CE804542B23A42863608F26

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D8E6B71400CBD04BBD221D5C7C12CE1

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9737E2B1877BA2647A4AC547869EDF03

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\65624D8381D30F249B874F58E818676E

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1D6B9F26743114741949E7CBD0850B50

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\876E9D03A3628184781AD86C940640F7

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\281AF9D8612EF2E47BDAFD353EBB66DB

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\D63B3F7EA8654C24FB42180178BBBF34

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C04D16F8CDF5F4543AC9A3616BA42840

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\74BFD8668DF9CDF4DAE798C67C0F5E07

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E84195AD854B9A744A14CCC0101E24CE

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1DD769335A51CEF409558BD4F1FD0D16

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\A90F39F166BA2EA44BC33F5B99568A56

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\448F614546145E44A8D80DE268772838

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\05FD0BAA4CB2CD9439DCE5CDE594202A

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\314863730BAF8734C8564E85B3A047C8

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EA86D228823216D438705787F640D3A5

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6B5745FE5D94C414FA11D00F7E2AB400

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6B581FFC20289EB4099D141CDE7359BB

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\99506DC9F6A09D640842631E2BC2AC70

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\210EE68B5FD50E34281311DD8E8CA8CE

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BF72C907D7DD14443B547200FB74B315

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E7F5D6A9A9F5C584282653FB24AE4CCB

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\B218C6F033F3D9F4E9F7F1687CFC5E4E

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\ECEF6DC4638DFEF4686CB4AA8C90A457

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\799575847269DFB4B90DB80E9AE3F513

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9AB49572650F2254CB98AFD3B7DA9B2E

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1DA51AE393E3A2E44AD642274DF874C9

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EE9277BB1523DD045952C0B8CCCF2CF8

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\27B23E0DE8354FA4984FE3E6EA64A0DA

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E053C72B9492790418B6BC8963A132B1

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\418D33948A06A3141BB101F3E34641AE

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\30E3084F57A08354080B6375A86D0459

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\57D46BCA90CDE574793A997F4D70B5FE

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BE3F70CAE98AB094E896B57BD601796E

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E571FA2CC5C29C246B485717ABC8D733

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6518C1A5576E11E4FBC0C0E45F2E3C59

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Weqos Apps Industries\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Users\user\AppData\Roaming\Microsoft\Installer\{7A90929D-3D90-469D-B804-2FF52DD02E47}\

HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App

Version

HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App

Path

HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App

TruaiLicQuota

HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App\Durox

Ver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

LocalPackage

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

AuthorizedCDFPrefix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Comments

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Contact

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

DisplayVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

HelpLink

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

HelpTelephone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

InstallDate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

InstallLocation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

InstallSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

ModifyPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

NoModify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

NoRepair

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Publisher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Readme

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Size

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

UninstallString

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

URLInfoAbout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

URLUpdateInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

VersionMajor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

VersionMinor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

WindowsInstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

AuthorizedCDFPrefix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Comments

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Contact

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

DisplayVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

HelpLink

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

HelpTelephone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

InstallDate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

InstallLocation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

InstallSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

ModifyPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

NoModify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

NoRepair

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Publisher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Readme

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Size

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

UninstallString

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

URLInfoAbout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

URLUpdateInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

VersionMajor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

VersionMinor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

WindowsInstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FC90CF4CE0ACAD4584F37E5506E61F2

D92909A709D3D9648B40F25FD20DE274

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\InstallProperties

DisplayName

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A90929D-3D90-469D-B804-2FF52DD02E47}

DisplayName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\D92909A709D3D9648B40F25FD20DE274

MainFeature

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\Features

MainFeature

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\D92909A709D3D9648B40F25FD20DE274\Patches

AllPatches

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

ProductName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

PackageCode

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

Language

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

Version

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

Assignment

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

AdvertiseFlags

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

ProductIcon

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

InstanceType

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

AuthorizedLUAApp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

DeploymentFlags

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\1FC90CF4CE0ACAD4584F37E5506E61F2

D92909A709D3D9648B40F25FD20DE274

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274\SourceList

PackageName

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274\SourceList\Net

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274\SourceList\Media

DiskPrompt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274\SourceList\Media

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274

Clients

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\D92909A709D3D9648B40F25FD20DE274\SourceList

LastUsedSource

There are 129 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

3540000

trusted library allocation

page read and write

7FF8F85B6000

unkown

page readonly

7A61000

heap

page read and write

1B0000

heap

page read and write

737E000

stack

page read and write

7BC7000

trusted library allocation

page read and write

1C9F57D000

stack

page read and write

7E00000

trusted library allocation

page read and write

46C000

heap

page read and write

3554000

trusted library allocation

page read and write

7FF680278000

unkown

page readonly

1C9F6FF000

stack

page read and write

460000

heap

page read and write

7980000

heap

page read and write

7DB0000

trusted library allocation

page read and write

7DC0000

trusted library allocation

page read and write

327D000

heap

page read and write

2F88000

stack

page read and write

35B0000

trusted library allocation

page read and write

7A01000

heap

page read and write

180428000

unkown

page read and write

7BC0000

trusted library allocation

page read and write

575B000

trusted library allocation

page read and write

79FA000

heap

page read and write

7960000

trusted library allocation

page read and write

180426000

unkown

page write copy

7A0B000

heap

page read and write

88CF000

stack

page read and write

3600000

heap

page readonly

8840000

trusted library allocation

page read and write

7967000

trusted library allocation

page read and write

2F4C000

stack

page read and write

7E20000

trusted library allocation

page execute and read and write

7FF8F85B5000

unkown

page read and write

3210000

heap

page read and write

7FF680270000

unkown

page readonly

3590000

trusted library allocation

page read and write

5235000

heap

page execute and read and write

513F000

stack

page read and write

7FF8FF5B0000

unkown

page readonly

7740000

heap

page read and write

7A72000

heap

page read and write

469000

heap

page read and write

787E000

stack

page read and write

3580000

heap

page read and write

748D000

stack

page read and write

7D30000

trusted library allocation

page read and write

51DE000

stack

page read and write

7FF68027D000

unkown

page readonly

7D60000

trusted library allocation

page read and write

7A53000

heap

page read and write

32C6000

heap

page read and write

527E000

stack

page read and write

3560000

trusted library allocation

page read and write

34DE000

stack

page read and write

140001000

unkown

page execute read

7D70000

trusted library allocation

page read and write

7E10000

trusted library allocation

page read and write

6301000

trusted library allocation

page read and write

14001A000

unkown

page read and write

14C000

stack

page read and write

73BE000

stack

page read and write

79A0000

heap

page read and write

733E000

stack

page read and write

3550000

trusted library allocation

page read and write

7FF680270000

unkown

page readonly

7C6E000

stack

page read and write

180000000

unkown

page readonly

88E0000

trusted library allocation

page execute and read and write

5230000

heap

page execute and read and write

56E8000

trusted library allocation

page read and write

73FF000

stack

page read and write

535B000

trusted library allocation

page read and write

7FF8FF5B1000

unkown

page execute read

7D40000

trusted library allocation

page execute and read and write

7FF8F85E7000

unkown

page readonly

3569000

trusted library allocation

page read and write

78FE000

stack

page read and write

7FF8F85E4000

unkown

page write copy

7FF8FF5C2000

unkown

page readonly

7A12000

heap

page read and write

82F000

stack

page read and write

1F4C62E0000

heap

page read and write

6329000

trusted library allocation

page read and write

7A18000

heap

page read and write

5301000

trusted library allocation

page read and write

7FF8FF5C1000

unkown

page read and write

8830000

trusted library allocation

page read and write

7DA0000

trusted library allocation

page read and write

75CA000

stack

page read and write

7FF8F8561000

unkown

page execute read

3595000

trusted library allocation

page execute and read and write

14001B000

unkown

page readonly

140014000

unkown

page readonly

8920000

trusted library allocation

page read and write

180479000

unkown

page readonly

5200000

heap

page execute and read and write

1802BD000

unkown

page readonly

7FF8FF5C6000

unkown

page read and write

331F000

heap

page read and write

140013000

unkown

page read and write

180001000

unkown

page execute read

7D90000

trusted library allocation

page read and write

2FE0000

heap

page read and write

7FF68027C000

unkown

page write copy

7FF8F8560000

unkown

page readonly

768D000

stack

page read and write

7A07000

heap

page read and write

140000000

unkown

page readonly

758D000

stack

page read and write

7BD0000

trusted library allocation

page read and write

6365000

trusted library allocation

page read and write

74CB000

stack

page read and write

7A21000

heap

page read and write

7A58000

heap

page read and write

7C15000

trusted library allocation

page read and write

519C000

stack

page read and write

7FF680278000

unkown

page readonly

7A65000

heap

page read and write

76CB000

stack

page read and write

7CAE000

stack

page read and write

52F0000

heap

page read and write

754E000

stack

page read and write

7FF68027C000

unkown

page read and write

14001B000

unkown

page readonly

7C29000

trusted library allocation

page read and write

180429000

unkown

page write copy

7FF8FF5C7000

unkown

page readonly

6309000

trusted library allocation

page read and write

7FF8F85E3000

unkown

page read and write

3610000

heap

page read and write

7A50000

heap

page read and write

760D000

stack

page read and write

750E000

stack

page read and write

1F4C64B0000

heap

page read and write

51E0000

trusted library allocation

page execute and read and write

7CEE000

stack

page read and write

79D6000

heap

page read and write

7D2D000

stack

page read and write

7C20000

trusted library allocation

page read and write

355D000

trusted library allocation

page execute and read and write

8940000

trusted library allocation

page read and write

79E0000

heap

page read and write

190000

heap

page read and write

52BE000

stack

page read and write

79AA000

heap

page read and write

140001000

unkown

page execute read

3619000

heap

page read and write

764B000

stack

page read and write

79E6000

heap

page read and write

1802BB000

unkown

page read and write

14001A000

unkown

page write copy

888D000

stack

page read and write

7D50000

trusted library allocation

page read and write

5456000

trusted library allocation

page read and write

72F000

stack

page read and write

35FE000

stack

page read and write

7DD0000

trusted library allocation

page read and write

345E000

stack

page read and write

7FF680271000

unkown

page execute read

7950000

heap

page execute and read and write

1F4C63C0000

heap

page read and write

89A0000

heap

page read and write

7A47000

heap

page read and write

7A28000

heap

page read and write

140000000

unkown

page readonly

7AC1000

heap

page read and write

351E000

stack

page read and write

5657000

trusted library allocation

page read and write

3553000

trusted library allocation

page execute and read and write

1F4C64BB000

heap

page read and write

8800000

heap

page read and write

88D0000

heap

page read and write

7D80000

trusted library allocation

page read and write

3289000

heap

page read and write

78BF000

stack

page read and write

3592000

trusted library allocation

page read and write

1F4C63E0000

heap

page read and write

7DE0000

trusted library allocation

page read and write

5148000

trusted library allocation

page read and write

7FF680271000

unkown

page execute read

2F8D000

stack

page read and write

7DF0000

trusted library allocation

page read and write

349E000

stack

page read and write

1C9F87F000

stack

page read and write

7BB0000

trusted library allocation

page read and write

1F4C6770000

heap

page read and write

3220000

heap

page read and write

3250000

heap

page read and write

51F0000

trusted library allocation

page read and write

140013000

unkown

page readonly

5140000

trusted library allocation

page read and write

7FF68027D000

unkown

page readonly

7A3F000

heap

page read and write

7A43000

heap

page read and write

793E000

stack

page read and write

There are 186 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
installer.msi

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportinstaller.msi

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
installer.msi