Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

f1r6P3j3g7.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\ProgramData\KEGIDHJKKJ.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_KEGIDHJKKJ.exe_5d48e568e7ddaed7c715c34ba7d8a94937a0f9_bcd0fe0f_18242657-267c-46a5-87ff-84750f054ab7\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_f1r6P3j3g7.exe_b95f3ae3b15bcd5a4383aa615a5f42f59835b9_234f6c94_fda499e8-cf30-46d3-9443-7513842412cb\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\a43486128347[1].exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sql[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\BGIJDGCAEBFI\AFIDGD

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\BGIJDGCAEBFI\BGIJDG

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\BGIJDGCAEBFI\BGIJDG-shm

data

dropped

C:\ProgramData\BGIJDGCAEBFI\DAKEBA

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\BGIJDGCAEBFI\EBFBKF

SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\BGIJDGCAEBFI\ECGIII

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\BGIJDGCAEBFI\EHCGIJ

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\BGIJDGCAEBFI\GIIEGH

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4

dropped

C:\ProgramData\BGIJDGCAEBFI\HJEHIJ

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\BGIJDGCAEBFI\HJEHIJ-shm

data

dropped

C:\ProgramData\BGIJDGCAEBFI\JKECFC

ASCII text, with very long lines (1809), with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_43832d93ddcf66f1edc5babbb1e353ebb92236_05bdfb8c_cc67cea2-f6cd-451e-b7c7-aa0c52bc58ac\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16A2.tmp.dmp

Mini DuMP crash report, 15 streams, Mon Oct 7 16:43:49 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1859.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1889.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5074.tmp.dmp

Mini DuMP crash report, 14 streams, Mon Oct 7 16:42:58 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50C3.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50F3.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC71.tmp.dmp

Mini DuMP crash report, 14 streams, Mon Oct 7 16:43:46 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA1.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD1.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\delays.tmp

ASCII text, with very long lines (65536), with no line terminators

dropped

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

There are 31 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\f1r6P3j3g7.exe

"C:\Users\user\Desktop\f1r6P3j3g7.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\ProgramData\KEGIDHJKKJ.exe

"C:\ProgramData\KEGIDHJKKJ.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 288

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 268

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BGIJDGCAEBFI" & exit

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 840

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

There are 2 hidden processes, click here to show them.

URLs

Name

Malicious

frizzettei.sbs

http://lade.petperfectcare.com/mozglue.dll

95.164.90.97

laddyirekyi.sbs

isoplethui.sbs

http://lade.petperfectcare.com/nss3.dll

95.164.90.97

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

unknown

invinjurhey.sbs

http://cowod.hopto.org/

45.132.206.251

exilepolsiy.sbs

https://wickedneatr.sbs/api

188.114.96.3

http://lade.petperfectcare.com/sql.dll

95.164.90.97

http://lade.petperfectcare.com/

95.164.90.97

http://lade.petperfectcare.com/msvcp140.dll

95.164.90.97

http://lade.petperfectcare.com/freebl3.dll

95.164.90.97

http://lade.petperfectcare.com/softokn3.dll

95.164.90.97

bemuzzeki.sbs

http://lade.petperfectcare.com:80nfwqnfwovfdkhttps://steamcommunity.com/profiles/76561199780418869u5

unknown

exemplarou.sbs

http://lade.petperfectcare.com/vcruntime140.dll

95.164.90.97

wickedneatr.sbs

https://t.me/ae5edu55uhttps://steamcommunity.com/profiles/76561199780418869sql.dllsqlp.dllMozilla/5.

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF

unknown

https://duckduckgo.com/ac/?q=

unknown

http://lade.petperfectcare.com/nss3.dllZ_

unknown

http://lade.petperfectcare.com/msvcp140.dll2

unknown

https://wickedneatr.sbs/pi

unknown

http://cowod.hopto.org

unknown

https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.

unknown

http://lade.petperfectcare.com:80t-Disposition:

unknown

http://lade.petperfectcare.com/mozglue.dllC

unknown

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17

unknown

http://lade.petperfectcare.com:80/sql.dll

unknown

https://frizzettei.sbs/apiwDVP

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe1kkkk

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe

147.45.44.104

http://lade.petperfectcare.com/softokn3.dllb

unknown

http://cowod.hopto.org_DEBUG.zip/c

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi

unknown

http://cowod.hopto.

unknown

https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://cowod.hopto

unknown

https://frizzettei.sbs/api

unknown

http://cowod.EBFIIECAKFHI

unknown

http://cowod.hopto.org/S

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe-

unknown

http://lade.petperfectcare.com:80

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94

unknown

http://www.sqlite.org/copyright.html.

unknown

http://cowod.hoptoECAKFHI

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

https://mozilla.org0/

unknown

https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://nsdm.cumpar-auto-orice-tip.ro/ldms/a43486128347.exe=

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta

unknown

http://upx.sf.net

unknown

http://cowod.hopto.orgCFH

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe

unknown

http://lade.petperfectcare.com/freebl3.dllg

unknown

https://www.ecosia.org/newtab/

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

http://lade.petperfectcare.com/softokn3.dllO

unknown

https://wickedneatr.sbs/cDWE

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://wickedneatr.sbs:443/api

unknown

https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg

unknown

http://cowod.hopto.CAKFHI

unknown

http://cowod.hopto.orga535a6c5ent-Disposition:

unknown

https://support.mozilla.org

unknown

http://cowod.hopto.orgare.com:80

unknown

https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

There are 69 hidden URLs, click here to show them.

Domains

Name

Malicious

wickedneatr.sbs

188.114.96.3

cowod.hopto.org

45.132.206.251

lade.petperfectcare.com

95.164.90.97

frizzettei.sbs

unknown

laddyirekyi.sbs

unknown

bemuzzeki.sbs

unknown

invinjurhey.sbs

unknown

isoplethui.sbs

unknown

exilepolsiy.sbs

unknown

exemplarou.sbs

unknown

bg.microsoft.map.fastly.net

199.232.214.172

nsdm.cumpar-auto-orice-tip.ro

147.45.44.104

s-part-0017.t-0009.t-msedge.net

13.107.246.45

fp2e7a.wpc.phicdn.net

192.229.221.95

198.187.3.20.in-addr.arpa

unknown

There are 5 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

188.114.96.3

wickedneatr.sbs

European Union

Details

IP:	188.114.96.3
TargetID:	11
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	wickedneatr.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

95.164.90.97

lade.petperfectcare.com

Gibraltar

Details

IP:	95.164.90.97
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Gibraltar
Countrycode:	GIB
ASN number:	39762
ASN name:	VAKPoltavaUkraineUA
Private:	false
Domain:	lade.petperfectcare.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sigma detected: Silenttrinity Stager Msbuild Activity	System Summary

45.132.206.251

cowod.hopto.org

Russian Federation

Details

IP:	45.132.206.251
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	59731
ASN name:	LIFELINK-ASRU
Private:	false
Domain:	cowod.hopto.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking

147.45.44.104

nsdm.cumpar-auto-orice-tip.ro

Russian Federation

Details

IP:	147.45.44.104
TargetID:	3
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false
Domain:	nsdm.cumpar-auto-orice-tip.ro

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts with low severity for network traffic	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached

{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

ProgramId

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

FileId

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

LowerCaseLongPath

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

LongPathHash

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

Name

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

OriginalFileName

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

Publisher

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

Version

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

BinFileVersion

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

BinaryType

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

ProductName

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

ProductVersion

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

LinkDate

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

BinProductVersion

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

AppxPackageFullName

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

AppxPackageRelativeId

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

Size

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

Language

\REGISTRY\A\{e57f2d1e-ffd8-9976-d6a9-e81ab57ad40c}\Root\InventoryApplicationFile\f1r6p3j3g7.exe|7456cea247a6cc77

Usn

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

ProgramId

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

FileId

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

LowerCaseLongPath

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

LongPathHash

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

Name

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

OriginalFileName

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

Publisher

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

Version

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

BinFileVersion

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

BinaryType

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

ProductName

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

ProductVersion

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

LinkDate

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

BinProductVersion

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

AppxPackageFullName

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

AppxPackageRelativeId

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

Size

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

Language

\REGISTRY\A\{2cb6c6bd-873c-ea83-406b-fa9ceb6a6f31}\Root\InventoryApplicationFile\kegidhjkkj.exe|49dc5f0369991e24

Usn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

00180011DFCF3602

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceId