Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

VLSiVR4Qxs.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\ProgramData\HCAEHDHDAK.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HCAEHDHDAK.exe_9dabc8e1ebc265b690426eea4de85ddba630cd_4b2dd832_3beb4500-91a4-4e13-a57c-de2c593e1f0d\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_VLSiVR4Qxs.exe_17fe6ad41d7e3651714d7e73af47f4fb88f3f2_d45969d3_43068dcb-f9e7-4a02-91b8-9a16f65cc357\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\a43486128347[1].exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\HJECAAKKFHCF\AAFBAK

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7

dropped

C:\ProgramData\HJECAAKKFHCF\BFIJEH

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\HJECAAKKFHCF\CBFCFB

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\HJECAAKKFHCF\DBKKFC

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4

dropped

C:\ProgramData\HJECAAKKFHCF\GDGHJE

ASCII text, with very long lines (1743), with CRLF line terminators

dropped

C:\ProgramData\HJECAAKKFHCF\HIIIEG

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\ProgramData\HJECAAKKFHCF\IDHDGD

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\HJECAAKKFHCF\IDHIDB

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\HJECAAKKFHCF\IDHIDB-shm

data

dropped

C:\ProgramData\HJECAAKKFHCF\JJDBAE

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\HJECAAKKFHCF\KECGHI

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\HJECAAKKFHCF\KEGCFC

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\HJECAAKKFHCF\KEGCFC-shm

data

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_43832d93ddcf66f1edc5babbb1e353ebb92236_05bdfb8c_5a143afc-af36-4a87-aa6b-3db9b7c22196\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER544B.tmp.dmp

Mini DuMP crash report, 14 streams, Mon Oct 7 16:01:00 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER549A.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER54D9.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6032.tmp.dmp

Mini DuMP crash report, 15 streams, Mon Oct 7 16:01:03 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER616B.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER618B.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER98AC.tmp.dmp

Mini DuMP crash report, 14 streams, Mon Oct 7 16:00:12 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER991A.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER994A.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\delays.tmp

ISO-8859 text, with very long lines (65536), with no line terminators

dropped

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

There are 33 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\VLSiVR4Qxs.exe

"C:\Users\user\Desktop\VLSiVR4Qxs.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\ProgramData\HCAEHDHDAK.exe

"C:\ProgramData\HCAEHDHDAK.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 268

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1604

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HJECAAKKFHCF" & exit

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

There are 3 hidden processes, click here to show them.

URLs

Name

Malicious

frizzettei.sbs

http://lade.petperfectcare.com/mozglue.dll

95.164.90.97

laddyirekyi.sbs

isoplethui.sbs

http://lade.petperfectcare.com/nss3.dll

95.164.90.97

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

unknown

invinjurhey.sbs

http://cowod.hopto.org/

45.132.206.251

https://exemplarou.sbs/api

188.114.97.3

exilepolsiy.sbs

http://lade.petperfectcare.com/sql.dll

95.164.90.97

http://lade.petperfectcare.com/

95.164.90.97

http://lade.petperfectcare.com/msvcp140.dll

95.164.90.97

http://lade.petperfectcare.com/freebl3.dll

95.164.90.97

http://lade.petperfectcare.com/softokn3.dll

95.164.90.97

bemuzzeki.sbs

http://lade.petperfectcare.com:80nfwqnfwovfdkhttps://steamcommunity.com/profiles/76561199780418869u5

unknown

exemplarou.sbs

http://lade.petperfectcare.com/vcruntime140.dll

95.164.90.97

wickedneatr.sbs

https://t.me/ae5edu55uhttps://steamcommunity.com/profiles/76561199780418869sql.dllsqlp.dllMozilla/5.

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://exemplarou.sbs/

unknown

http://lade.petperfectcare.com/freebl3.dll~t

unknown

https://duckduckgo.com/ac/?q=

unknown

http://cowod.BKFHIDGCFBFC

unknown

http://cowod.hopto.GCFBFC

unknown

http://cowod.hopto.org

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi

unknown

https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.

unknown

http://lade.petperfectcare.com:80t-Disposition:

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://cowod.hopto.orgHJE

unknown

https://exemplarou.sbs/(

unknown

http://lade.petperfectcare.com:80/sql.dll

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe1kkkk

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe

147.45.44.104

http://cowod.hopto.org_DEBUG.zip/c

unknown

http://cowod.hopto.org/TZ

unknown

http://cowod.hopto.

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://cowod.hopto

unknown

http://lade.petperfectcare.com:80

unknown

http://lade.petperfectcare.com/K

unknown

http://www.sqlite.org/copyright.html.

unknown

http://lade.petperfectcare.com/#

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

https://mozilla.org0/

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe3

unknown

http://lade.petperfectcare.com/softokn3.dll=

unknown

https://exemplarou.sbs/7y

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://upx.sf.net

unknown

http://cowod.hoptoDGCFBFC

unknown

https://www.ecosia.org/newtab/

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exeC

unknown

https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

https://exemplarou.sbs:443/api

unknown

https://www.cloudflare.com/5xx-error-landing

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg

unknown

https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL

unknown

https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref

unknown

http://cowod.hopto.orgbbb071b03nt-Disposition:

unknown

https://exemplarou.sbs/B

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477

unknown

https://support.mozilla.org

unknown

http://cowod.hopto.orgare.com:80

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

There are 63 hidden URLs, click here to show them.

Domains

Name

Malicious

cowod.hopto.org

45.132.206.251

Details

Name:	cowod.hopto.org
IP:	45.132.206.251
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
HTTP GET or POST without a user agent	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

lade.petperfectcare.com

95.164.90.97

Details

Name:	lade.petperfectcare.com
IP:	95.164.90.97
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Silenttrinity Stager Msbuild Activity	System Summary
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

exemplarou.sbs

188.114.97.3

Details

Name:	exemplarou.sbs
IP:	188.114.97.3
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Sample uses string decryption to hide its real strings	AV Detection
Uses a known web browser user agent for HTTP communication	Networking	Application Layer Protocol
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

s-part-0036.t-0009.t-msedge.net

13.107.246.64

nsdm.cumpar-auto-orice-tip.ro

147.45.44.104

Details

Name:	nsdm.cumpar-auto-orice-tip.ro
IP:	147.45.44.104
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Suricata IDS alerts with low severity for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

fp2e7a.wpc.phicdn.net

192.229.221.95

IPs

Domain

Country

Malicious

188.114.97.3

exemplarou.sbs

European Union

Details

IP:	188.114.97.3
TargetID:	12
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	exemplarou.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

95.164.90.97

lade.petperfectcare.com

Gibraltar

Details

IP:	95.164.90.97
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Gibraltar
Countrycode:	GIB
ASN number:	39762
ASN name:	VAKPoltavaUkraineUA
Private:	false
Domain:	lade.petperfectcare.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Silenttrinity Stager Msbuild Activity	System Summary

45.132.206.251

cowod.hopto.org

Russian Federation

Details

IP:	45.132.206.251
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	59731
ASN name:	LIFELINK-ASRU
Private:	false
Domain:	cowod.hopto.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking

147.45.44.104

nsdm.cumpar-auto-orice-tip.ro

Russian Federation

Details

IP:	147.45.44.104
TargetID:	1
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false
Domain:	nsdm.cumpar-auto-orice-tip.ro

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached

{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

ProgramId

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

FileId

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

LowerCaseLongPath

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

LongPathHash

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

Name

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

OriginalFileName

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

Publisher

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

Version

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

BinFileVersion

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

BinaryType

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

ProductName

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

ProductVersion

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

LinkDate

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

BinProductVersion

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

AppxPackageFullName

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

AppxPackageRelativeId

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

Size

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

Language

\REGISTRY\A\{2f856bee-c50c-ae05-a4f1-015535773c24}\Root\InventoryApplicationFile\vlsivr4qxs.exe|cc8f1804ab05c10a

Usn

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

ProgramId

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

FileId

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

LowerCaseLongPath

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

LongPathHash

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

Name

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

OriginalFileName

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

Publisher

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

Version

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

BinFileVersion

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

BinaryType

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

ProductName

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

ProductVersion

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

LinkDate

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

BinProductVersion

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

AppxPackageFullName

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

AppxPackageRelativeId

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

Size

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

Language

\REGISTRY\A\{84f87163-391d-32e4-6ee5-9b10b52e45bc}\Root\InventoryApplicationFile\hcaehdhdak.exe|52b939336ff08e27

Usn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

00188010B132DD0F

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

ApplicationFlags