Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

c92ec1cea5a09af2f334a2e0d127f41827855c21c5e72.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\810b84e2bfa3a9\clip64.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\810b84e2bfa3a9\cred64.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_39f3a123948b719cd48bc05f69c9c7e93d7c7f_8822d4be_d53aac1b-d670-4f53-8b5d-dc608a0cfa70\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

modified

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_b991b748e47c6ccd77bb3bd4e167d41cff9d8_8822d4be_000ccc68-8ab1-47df-82ab-de2c5ecc3085\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_b991b748e47c6ccd77bb3bd4e167d41cff9d8_8822d4be_62a77d67-a71f-499d-9bc7-dfc3a2867dad\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_b991b748e47c6ccd77bb3bd4e167d41cff9d8_8822d4be_69af27f2-09ec-4205-ae27-a77790f57821\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_b991b748e47c6ccd77bb3bd4e167d41cff9d8_8822d4be_b9e459ab-998a-4866-9118-a7c61bfcfc8f\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_b991b748e47c6ccd77bb3bd4e167d41cff9d8_8822d4be_d3ade3dd-96d9-403f-a43e-9b457dd643d2\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Dctooux.exe_c54a861aa4c43cc515c4d65c89eab2e3bda7e7c7_8822d4be_32bce897-3518-4173-a501-b02b6e4c7368\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_e07fb967fe61390ff947874da9a18efae6cac7_8e61c4a5_95ca67f7-278d-440f-920c-862f52c2b333\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_199673d7-74d3-4533-ae8f-04d3f7d3cc65\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_652d3494-efe4-42e5-8b2f-ae9a4db2871c\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_854c808a-1f05-4c2a-8a6e-5c6d8200110d\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_a6cd726f-4d10-4b50-9683-8da9a6534adb\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_ba055e64-c1e7-49ca-9e7b-ec7e222810fb\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_c297ef79-e956-4929-b83d-9b3ee50a813b\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_c81e3499-a83c-4c0b-b580-9cc3628f61a5\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_d3da3414-c481-4c60-9be2-99f3b61e54b4\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_c92ec1cea5a09af2_f9165ae4ce682ce742d9caa30eddae375d89b91_8e61c4a5_e3631421-2015-4ba5-8b5b-3d6550037d40\Report.wer

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3CB3.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:54 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D6F.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D90.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F82.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:55 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4000.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4020.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER41B4.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:55 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4290.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER42B0.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4444.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:56 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER44D2.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4502.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER46A6.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:57 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4714.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4744.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER49A3.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:57 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B2B.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B5B.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DE9.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:59 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E96.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EB6.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F4C.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:53:04 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FD9.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5009.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER506A.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:51:59 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50D8.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50F8.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5259.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:53:05 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5325.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5338.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:52:00 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5374.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5414.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5434.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5641.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:53:06 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER56CF.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER572D.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER57DC.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 18 04:52:01 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER58C7.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER58F7.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER597D.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:53:07 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A0B.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A4A.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D84.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:53:08 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E22.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E51.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FBC.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:52:03 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER600B.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER602B.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6082.tmp.dmp

Mini DuMP crash report, 14 streams, Thu Apr 18 04:53:09 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER611F.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER614F.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\246122658369

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3

dropped

C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe:Zone.Identifier

ASCII text, with CRLF line terminators

modified

C:\Windows\Tasks\Dctooux.job

data

dropped

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

There are 68 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\c92ec1cea5a09af2f334a2e0d127f41827855c21c5e72.exe

"C:\Users\user\Desktop\c92ec1cea5a09af2f334a2e0d127f41827855c21c5e72.exe"

C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe

"C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe"

C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 780

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 848

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 908

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 908

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 1020

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 1080

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 1076

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 788

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 472

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 536

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 556

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 576

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 824

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 832

There are 10 hidden processes, click here to show them.

URLs

Name

Malicious

http://topgamecheats.dev/8bjndDcoA3/index.php?wal=1

93.123.39.96

http://topgamecheats.dev/8bjndDcoA3/Plugins/clip64.dll

93.123.39.96

http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1

93.123.39.96

http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dll

93.123.39.96

topgamecheats.dev/8bjndDcoA3/index.php

http://topgamecheats.dev/8bjndDcoA3/index.php

93.123.39.96

http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dlllD

unknown

http://topgamecheats.dev/8bjndDcoA3/index.php~

unknown

http://topgamecheats.dev/8bjndDcoA3/index.phpJo

unknown

http://topgamecheats.dev/8bjndDcoA3/index.php$

unknown

http://topgamecheats.dev/8bjndDcoA3/index.phpd

unknown

http://topgamecheats.dev/8bjndDcoA3/index.php(

unknown

http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1h

unknown

http://topgamecheats.dev/8bjndDcoA3/index.phpm

unknown

http://upx.sf.net

unknown

http://topgamecheats.dev/8bjndDcoA3/index.php?scr=11

unknown

http://topgamecheats.dev/8bjndDcoA3/index.phpW

unknown

http://topgamecheats.dev/8bjndDcoA3/Plugins/cred64.dll~

unknown

http://topgamecheats.dev/8bjndDcoA3/index.php?scr=1//(

unknown

http://topgamecheats.dev/8bjndDcoA3/index.phpX

unknown

There are 10 hidden URLs, click here to show them.

Domains

Name

Malicious

topgamecheats.dev

93.123.39.96

Details

Name:	topgamecheats.dev
IP:	93.123.39.96
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Sample uses string decryption to hide its real strings	AV Detection
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

93.123.39.96

topgamecheats.dev

Bulgaria

Details

IP:	93.123.39.96
TargetID:	28
Current Path:	C:\Users\user\AppData\Local\Temp\cbb1d94791\Dctooux.exe
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false
Domain:	topgamecheats.dev

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

Registry

Path

Value

Malicious

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

ProgramId

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

FileId

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

LowerCaseLongPath

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

LongPathHash

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

Name

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

OriginalFileName

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

Publisher

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

Version

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

BinFileVersion

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

BinaryType

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

ProductName

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

ProductVersion

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

LinkDate

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

BinProductVersion

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

AppxPackageFullName

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

AppxPackageRelativeId

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

Size

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

Language

\REGISTRY\A\{6d5fc484-e05c-2f6f-4549-048aa2f1c4ba}\Root\InventoryApplicationFile\c92ec1cea5a09af2|3fb7a539887dfa65

Usn

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount