Heracles/Tasker Variant Exhibits Schtasks Persistence and Backdoor Behavior


Zero‑Dwell Threat Intelligence Report

A narrative, executive‑ready view into the malware’s behavior, exposure, and reliable defenses.
Generated: 2025-11-27 12:54:20 UTC

Executive Overview — What We’re Dealing With

This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.

File
x8a5h.exe
Type
Generic CIL Executable (.NET, Mono, etc.)
SHA‑1
09413e4446715c5d611b8717379c16030612ac05
MD5
a54f3219227d4e6e2df1bb37152b2f0a
First Seen
2025-11-25 08:00:58.069291
Last Analysis
2025-11-25 09:02:43.664898
Dwell Time
0 days, 7 hours, 33 minutes

Extended Dwell Time Impact

For 1+ hours, this malware remained undetected — a limited but sufficient window for the adversary to complete initial execution and establish basic system access.

Comparative Context

Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.

Timeline

Time (UTC) Event Elapsed
2025-10-10 02:17:40 UTC First VirusTotal submission
2025-11-27 06:58:16 UTC Latest analysis snapshot 48 days, 4 hours, 40 minutes
2025-11-27 12:54:20 UTC Report generation time 48 days, 10 hours, 36 minutes

Why It Matters

Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.

Global Detection Posture — Who Caught It, Who Missed It

VirusTotal engines: 73. Detected as malicious: 53. Missed: 20. Coverage: 72.6%.

Detected Vendors

  • Xcitium
  • +52 additional vendors (names not provided)

List includes Xcitium plus an additional 52 vendors per the provided summary.

Missed Vendors

  • Acronis
  • Antiy-AVL
  • Baidu
  • ClamAV
  • CMC
  • Cynet
  • google_safebrowsing
  • Gridinsoft
  • huorong
  • Jiangmin
  • NANO-Antivirus
  • Panda
  • SUPERAntiSpyware
  • TACHYON
  • Trapmine
  • TrendMicro
  • Webroot
  • Yandex
  • ZoneAlarm
  • Zoner

Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.

Behavioral Storyline — How the Malware Operates

Dominant system-level operations (62.68% of behavior) suggest this malware performs deep system reconnaissance, privilege escalation, or core OS manipulation. It’s actively probing system defenses and attempting to gain administrative control.

Behavior Categories (weighted)

Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.

Category Weight Percentage
System 7095 62.68%
Misc 1303 11.51%
Registry 962 8.50%
File System 824 7.28%
Process 731 6.46%
Device 131 1.16%
Com 87 0.77%
Threading 76 0.67%
Crypto 53 0.47%
Synchronization 24 0.21%
Network 16 0.14%
Windows 12 0.11%
Services 4 0.04%
Hooking 2 0.02%

MITRE ATT&CK Mapping

  • T1027 – encode data using Base64
  • T1620 – invoke .NET assembly method
  • T1129 – link function at runtime on Windows
  • T1140 – decode data using Base64 in .NET
  • T1560.002 – compress data using GZip in .NET
  • T1115 – monitor clipboard content
  • T1027 – encrypt data using AES via .NET
  • T1083 – get common file path
  • T1083 – check if file exists
  • T1082 – Checks available memory
  • T1071 – Reads from the memory of another process
  • T1106 – Guard pages use detected – possible anti-debugging.

Following the Trail — Network & DNS Activity

Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and
HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.

Contacted Domains

Domain IP Country ASN/Org
www.aieov.com 76.223.54.146 United States Amazon.com, Inc.
kilimanjaro.run.place 185.91.127.92 United Kingdom Not known

Observed IPs

IP Country ASN/Org
224.0.0.252
8.8.4.4 United States Google LLC
8.8.8.8 United States Google LLC

DNS Queries

Request Type
5isohu.com A
www.aieov.com A
kilimanjaro.run.place A

Contacted IPs

IP Country ASN/Org
224.0.0.252
8.8.4.4 United States Google LLC
8.8.8.8 United States Google LLC

Port Distribution

Port Count Protocols
137 1 udp
5355 4 udp
53 50 udp

UDP Packets

Source IP Dest IP Sport Dport Time Proto
192.168.56.14 192.168.56.255 137 137 3.0811350345611572 udp
192.168.56.14 224.0.0.252 51209 5355 3.0364389419555664 udp
192.168.56.14 224.0.0.252 53401 5355 4.065615892410278 udp
192.168.56.14 224.0.0.252 55094 5355 5.611249923706055 udp
192.168.56.14 224.0.0.252 55848 5355 3.052643060684204 udp
192.168.56.14 8.8.4.4 49916 53 80.78178906440735 udp
192.168.56.14 8.8.4.4 50180 53 127.93765687942505 udp
192.168.56.14 8.8.4.4 50710 53 51.87483096122742 udp
192.168.56.14 8.8.4.4 50870 53 302.06308007240295 udp
192.168.56.14 8.8.4.4 50914 53 222.2030770778656 udp
192.168.56.14 8.8.4.4 51262 53 287.6724100112915 udp
192.168.56.14 8.8.4.4 52556 53 359.67266297340393 udp
192.168.56.14 8.8.4.4 52815 53 6.638140916824341 udp
192.168.56.14 8.8.4.4 53449 53 330.8441388607025 udp
192.168.56.14 8.8.4.4 54579 53 37.20350909233093 udp
192.168.56.14 8.8.4.4 54683 53 175.0625479221344 udp
192.168.56.14 8.8.4.4 55827 53 240.51555800437927 udp
192.168.56.14 8.8.4.4 55914 53 113.51550507545471 udp
192.168.56.14 8.8.4.4 56399 53 160.60927987098694 udp
192.168.56.14 8.8.4.4 57742 53 345.2812879085541 udp
192.168.56.14 8.8.4.4 59068 53 316.5155119895935 udp
192.168.56.14 8.8.4.4 60117 53 66.3751380443573 udp
192.168.56.14 8.8.4.4 60713 53 254.922287940979 udp
192.168.56.14 8.8.4.4 62022 53 146.23458290100098 udp
192.168.56.14 8.8.4.4 62112 53 26.719053030014038 udp
192.168.56.14 8.8.4.4 62548 53 207.78134608268738 udp
192.168.56.14 8.8.4.4 62800 53 269.328351020813 udp
192.168.56.14 8.8.4.4 63205 53 193.39050388336182 udp
192.168.56.14 8.8.4.4 64753 53 99.12523698806763 udp
192.168.56.14 8.8.4.4 65148 53 22.70339608192444 udp
192.168.56.14 8.8.8.8 49916 53 79.78207206726074 udp
192.168.56.14 8.8.8.8 50180 53 126.93846201896667 udp
192.168.56.14 8.8.8.8 50710 53 50.87545108795166 udp
192.168.56.14 8.8.8.8 50870 53 301.0629608631134 udp
192.168.56.14 8.8.8.8 50914 53 221.20387601852417 udp
192.168.56.14 8.8.8.8 51262 53 286.6724259853363 udp
192.168.56.14 8.8.8.8 52556 53 358.67299699783325 udp
192.168.56.14 8.8.8.8 52815 53 7.625335931777954 udp
192.168.56.14 8.8.8.8 53449 53 329.8438460826874 udp
192.168.56.14 8.8.8.8 54579 53 36.20356488227844 udp
192.168.56.14 8.8.8.8 54683 53 174.062833070755 udp
192.168.56.14 8.8.8.8 55827 53 239.5159010887146 udp
192.168.56.14 8.8.8.8 55914 53 112.51597499847412 udp
192.168.56.14 8.8.8.8 56399 53 159.60971808433533 udp
192.168.56.14 8.8.8.8 57742 53 344.28144693374634 udp
192.168.56.14 8.8.8.8 59068 53 315.5158109664917 udp
192.168.56.14 8.8.8.8 60117 53 65.37546491622925 udp
192.168.56.14 8.8.8.8 60713 53 253.9224169254303 udp
192.168.56.14 8.8.8.8 62022 53 145.238098859787 udp
192.168.56.14 8.8.8.8 62112 53 25.719348907470703 udp
192.168.56.14 8.8.8.8 62548 53 206.7815020084381 udp
192.168.56.14 8.8.8.8 62800 53 268.3290400505066 udp
192.168.56.14 8.8.8.8 63205 53 192.39082789421082 udp
192.168.56.14 8.8.8.8 64753 53 98.12540006637573 udp
192.168.56.14 8.8.8.8 65148 53 21.705272912979126 udp

Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.

Persistence & Policy — Registry and Services

Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles; expand to see the full lists where available.

Registry Opened

169

Registry Set

300

Services Started

0

Services Opened

1

Registry Opened (Top 25)

Key
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\program.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\0x0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\VFW
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\index9
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected – It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Show all (169 total)
Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\EnablePrivateObjectHeap
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LogFailures
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\ForceLog
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DisableConfigCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\System\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected – It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\FirstRunComplete
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\ContextLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\v4.0
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\HillClimbing_TargetSignalToNoiseRatio
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LoggingLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\0x0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\0x0
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4270068108-2931534202-3907561125-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\TZI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\WMIDisableCOMSecurity
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\0x0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\ObjectLimit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\payload.exe

Registry Set (Top 25)

Key Value
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/genuineintel_-_intel64_family_6_model_79_-____________intel(r)_xeon(r)_cpu_@_2.20ghz/_0\DriverVerVersion 6.1.7601.24520
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/genuineintel_-_intel64_family_6_model_79_-____________intel(r)_xeon(r)_cpu_@_2.20ghz/_1\DriverVerVersion 6.1.7601.24520
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/pnp0303/4&2c352a27&0\DriverVerVersion 6.1.7601.17514
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/pnp0700/4&2c352a27&0\DriverVerVersion 6.1.7600.16385
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/pnp0a03/0\DriverVerVersion 6.1.7601.24441
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/pnp0a06/pci_hotplug_resources\DriverVerVersion 6.1.7601.24441
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/pnp0b00/4&2c352a27&0\DriverVerVersion 6.1.7601.24441
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/pnp0f13/4&2c352a27&0\DriverVerVersion 6.1.7600.16385
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\acpi/qemu0002/3&267a616a&0\DriverVerVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\hdaudio/func_01&ven_1af4&dev_0022&subsys_1af40022&rev_1001/4&82fd0c&0&0001\DriverVerVersion 6.1.7601.24519
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1001&subsys_00021af4&rev_00/3&267a616a&0&38\DriverVerVersion 61.77.104.17100
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1002&subsys_00051af4&rev_00/3&267a616a&0&40\DriverVerVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1003&subsys_00031af4&rev_00/3&267a616a&0&30\DriverVerVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplication\0000c34c48b48a14753d8877e705591744db00000000\Publisher Microsoft Corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_1b36&dev_0100&subsys_11001af4&rev_05/3&267a616a&0&10\DriverVerVersion 6.1.7600.16385
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_100e&subsys_11001af4&rev_03/3&267a616a&0&18\DriverVerVersion 8.4.1.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_1237&subsys_11001af4&rev_02/3&267a616a&0&00\DriverVerVersion 6.1.7601.24441
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_2668&subsys_11001af4&rev_01/3&267a616a&0&20\DriverVerVersion 6.1.7601.17514
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplication\0000021f1df94e2c7570a94e39009b97cde300000000\Publisher Microsoft Corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_2934&subsys_11001af4&rev_03/3&267a616a&0&28\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_2935&subsys_11001af4&rev_03/3&267a616a&0&29\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_2936&subsys_11001af4&rev_03/3&267a616a&0&2a\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_293a&subsys_11001af4&rev_03/3&267a616a&0&2f\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_7000&subsys_11001af4&rev_00/3&267a616a&0&08\DriverVerVersion 6.1.7601.24441
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pci/ven_8086&dev_7010&subsys_11001af4&rev_00/3&267a616a&0&09\DriverVerVersion 6.1.7601.18231
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pciide/idechannel/4&403bef5&0&0\DriverVerVersion 6.1.7601.18231
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\pciide/idechannel/4&403bef5&0&1\DriverVerVersion 6.1.7601.18231
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\scsi/disk&ven_red_hat&prod_virtio/4&3595d273&0&000000\DriverVerVersion 6.1.7601.19133
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\usb/root_hub20/4&1df0ebf0&0\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\usb/root_hub/4&1327ac63&0\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\usb/root_hub/4&2498ad15&0\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\usb/root_hub/4&3227fcd4&0\DriverVerVersion 6.1.7601.24138
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{27db0821-3bf9-f71a-f96f-a53403857690}\FriendlyName AZURE-PC
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\{3e395e2e-0a77-5e77-8cea-5633ca5b5831}\DriverVerVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{8b19d947-35da-14cb-2134-6586f47f8530}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{3d362e77-8e1a-b332-2008-5fe18b068f95}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{fc25e1b0-d28e-45aa-2fe2-6c6dd6ed05fc}\FriendlyName Red Hat VirtIO SCSI Disk Device
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{7431a2df-217c-3945-9910-7f734f1c0b9d}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{b2214ffb-cfbd-3695-6be4-7b60be5ee496}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\hid/vid_0627&pid_0001/6&e74c61b&0&0000\DriverVerVersion 6.1.7600.16385
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\usb/vid_0627&pid_0001/28754-0000:00:05.7-1\DriverVerVersion 6.1.7601.24386
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{615acc7d-ec3e-3892-ebb4-91e57cb137e4}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{b36f9a3e-2c32-448c-8bb5-18f65536904a}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDevicePnp\display/default_monitor/4&17f3f539&0&12345678&00&02\DriverVerVersion 6.1.7600.16385
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDeviceContainer\{291dd95b-9698-941d-b48b-db3d7cd2eaa0}\FriendlyName (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\LowerCaseLongPath c:\program files\mozilla firefox\updated\crashreporter.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\LinkDate 01/04/2023 18:08:34
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\BinProductVersion 108.0.2.8404
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\LowerCaseLongPath c:\program files\mozilla firefox\updated\default-browser-agent.exe
Show all (300 total)
Key Value
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\LinkDate 01/04/2023 18:14:01
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\BinProductVersion 108.0.2.8404
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\LowerCaseLongPath c:\program files\mozilla firefox\updated\firefox.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\LinkDate 01/04/2023 18:07:51
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\BinProductVersion 108.0.2.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\LowerCaseLongPath c:\program files\mozilla firefox\updated\maintenanceservice.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\LinkDate 01/04/2023 18:08:08
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\BinProductVersion 108.0.2.8404
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\LowerCaseLongPath c:\program files\mozilla firefox\updated\maintenanceservice_installer.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\LinkDate 07/24/2021 22:21:04
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\BinProductVersion 1.0.0.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\LowerCaseLongPath c:\program files\mozilla firefox\updated\minidump-analyzer.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\LinkDate 01/04/2023 18:08:09
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\BinProductVersion 108.0.2.8404
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\LowerCaseLongPath c:\program files\mozilla firefox\updated\pingsender.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\LinkDate 01/04/2023 18:08:08
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\BinProductVersion 108.0.2.8404
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\LowerCaseLongPath c:\program files\mozilla firefox\updated\plugin-container.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\LinkDate 01/04/2023 18:25:28
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\BinProductVersion 108.0.2.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\LowerCaseLongPath c:\program files\mozilla firefox\updated\private_browsing.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\LinkDate 01/04/2023 18:07:20
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\BinProductVersion 108.0.2.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\LowerCaseLongPath c:\program files\mozilla firefox\updated\uninstall\helper.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\LinkDate 07/24/2021 22:21:04
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\BinProductVersion 1.0.0.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\LowerCaseLongPath c:\program files\mozilla firefox\updated\updater.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\LinkDate 01/04/2023 18:07:32
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\BinProductVersion 108.0.2.8404
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LowerCaseLongPath c:\program files\mozilla firefox\crashreporter.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplication\0000ca0169d7b9bbcfa4e65eb68a13f930210000ffff\Publisher Mozilla
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LowerCaseLongPath c:\program files\mozilla firefox\default-browser-agent.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LowerCaseLongPath c:\program files\mozilla firefox\firefox.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LowerCaseLongPath c:\program files\mozilla firefox\maintenanceservice.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LowerCaseLongPath c:\program files\mozilla firefox\maintenanceservice_installer.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LowerCaseLongPath c:\program files\mozilla firefox\minidump-analyzer.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LowerCaseLongPath c:\program files\mozilla firefox\pingsender.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LowerCaseLongPath c:\program files\mozilla firefox\plugin-container.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\Publisher mozilla corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LowerCaseLongPath c:\program files\mozilla firefox\updater.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\Publisher mozilla foundation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LinkDate (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\BinProductVersion (Empty)
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LinkDate 03/28/2019 06:56:01
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\addinprocess.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LinkDate 03/28/2019 06:56:01
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\addinprocess32.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\LinkDate 03/28/2019 06:56:57
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\addinprocess32.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\LinkDate 03/28/2019 06:56:57
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\addinutil.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\LinkDate 03/28/2019 06:56:58
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\addinutil.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\LinkDate 03/28/2019 06:56:58
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\applaunch.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\LinkDate 03/28/2019 06:36:04
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\LinkDate 03/28/2019 06:49:21
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\LinkDate 03/28/2019 06:48:46
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\LinkDate 03/28/2019 06:56:53
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\LinkDate 03/28/2019 06:48:49
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\LinkDate 03/28/2019 06:56:53
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\LinkDate 03/28/2019 06:48:55
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\LinkDate 03/28/2019 06:56:58
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\LinkDate 03/28/2019 06:56:56
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\LinkDate 03/28/2019 06:48:55
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\LinkDate 03/28/2019 06:57:06
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\LinkDate 03/28/2019 06:48:55
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\aspnet_wp.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\LinkDate 12/03/2019 22:00:00
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\LinkDate 12/03/2019 22:08:22
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\caspol.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\LinkDate 03/28/2019 06:49:14
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\caspol.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\LinkDate 03/28/2019 06:35:27
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\comsvcconfig.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\LinkDate 03/28/2019 07:24:03
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\LinkDate 03/28/2019 07:24:03
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\csc.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\LinkDate 03/28/2019 07:23:26
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryDriverBinary\c:/windows/system32/drivers/e1g6032e.sys\DriverVersion 8.4.1.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\csc.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\LinkDate 03/28/2019 07:20:59
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\cvtres.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\LinkDate 09/26/2018 23:48:24
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\BinProductVersion 14.10.25028.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\LinkDate 09/26/2018 23:45:05
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\BinProductVersion 14.10.25028.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\datasvcutil.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\LinkDate 03/28/2019 06:57:10
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\BinProductVersion 4.8.3761.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\datasvcutil.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\LinkDate 03/28/2019 06:57:10
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\BinProductVersion 4.8.3761.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\dfsvc.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\LinkDate 03/28/2019 06:56:35
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\LinkDate 03/28/2019 06:56:35
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\edmgen.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\LinkDate 03/28/2019 06:57:51
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\BinProductVersion 4.8.3761.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\edmgen.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\LinkDate 03/28/2019 06:57:51
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\BinProductVersion 4.8.3761.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\ilasm.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\LinkDate 03/28/2019 06:38:02
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\ilasm.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\LinkDate 03/28/2019 06:48:55
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\LinkDate 03/28/2019 06:56:27
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\installutil.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\LinkDate 03/28/2019 06:47:19
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\jsc.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\LinkDate 03/28/2019 07:26:30
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\BinProductVersion 14.8.3761.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\jsc.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\LinkDate 03/28/2019 07:26:30
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\BinProductVersion 14.8.3761.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\LowerCaseLongPath c:\windows\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\LinkDate 03/28/2019 07:23:52
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\LowerCaseLongPath c:\windows\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\LinkDate 03/28/2019 07:23:52
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\Publisher microsoft corporation
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\LinkDate 03/28/2019 07:23:52
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\BinProductVersion 4.0.30319.0
\REGISTRY\A\{2958AB99-9A49-C1B2-3EF8-2955EBADF042}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff\LowerCaseLongPath c:\windows\microsoft.net\framework\v4.0.30319\msbuild.exe

Services Started (Top 15)

Services Opened (Top 15)

Service
dnsCache

What To Do Now — Practical Defense Playbook

  • Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
  • EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
  • Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
  • Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
  • Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.

Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.

Scroll to Top