Analysis Overview
SHA256
6062125c6db4cc69fb9d78b3307338d1ee1887325a6f6826694fd2507bc343d1
Threat Level: Known bad
The file NEAS.58fedc8422ca6adf2b137d0679c375c0.exe was found to be: Known bad.
Malicious Activity Summary
Tinba / TinyBanker
Adds Run key to start application
Suspicious use of SetThreadContext
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-01 14:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-01 14:09
Reported
2023-11-01 17:10
Platform
win7-20231020-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Tinba / TinyBanker
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1154728922-3261336865-3456416385-1000\Software\Microsoft\Windows\CurrentVersion\Run\901FC304 = "C:\\Users\\Admin\\AppData\\Roaming\\901FC304\\bin.exe" | C:\Windows\SysWOW64\winver.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 372 set thread context of 2184 | N/A | C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe | C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\winver.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\SysWOW64\winver.exe
winver
C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe"
C:\Windows\system32\taskhost.exe
"taskhost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | recdataoneveter.cc | udp |
| US | 216.218.185.162:80 | recdataoneveter.cc | tcp |
| US | 8.8.8.8:53 | diiqngijkpop.com | udp |
| US | 216.218.185.162:80 | diiqngijkpop.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-01 14:09
Reported
2023-11-01 17:09
Platform
win10v2004-20231023-en
Max time kernel
119s
Max time network
175s
Command Line
Signatures
Tinba / TinyBanker
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\F9EF627E = "C:\\Users\\Admin\\AppData\\Roaming\\F9EF627E\\bin.exe" | C:\Windows\SysWOW64\winver.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3540 set thread context of 4524 | N/A | C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe | C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\WerFault.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\WerFault.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\WerFault.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\WerFault.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\backgroundTaskHost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\RuntimeBroker.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\winver.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX53ypgrj20bgndg05hj3tc7z654myszwp.mca
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe"
C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.58fedc8422ca6adf2b137d0679c375c0.exe"
C:\Windows\SysWOW64\winver.exe
winver
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3688 -s 928
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 184 -s 968
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recdataoneveter.cc | udp |
| US | 216.218.185.162:80 | recdataoneveter.cc | tcp |
| US | 8.8.8.8:53 | diiqngijkpop.com | udp |
| US | 216.218.185.162:80 | diiqngijkpop.com | tcp |
| US | 8.8.8.8:53 | 162.185.218.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hiwxuvuponqw.com | udp |
| US | 216.218.185.162:80 | hiwxuvuponqw.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
Files
memory/4524-2-0x0000000000400000-0x0000000000405000-memory.dmp
memory/4524-3-0x0000000000600000-0x0000000001000000-memory.dmp
memory/3056-9-0x0000000002760000-0x0000000002766000-memory.dmp
memory/3056-6-0x0000000002760000-0x0000000002766000-memory.dmp
memory/3288-4-0x0000000000E60000-0x0000000000E66000-memory.dmp
memory/3288-8-0x0000000000E60000-0x0000000000E66000-memory.dmp
memory/3056-7-0x0000000077DA2000-0x0000000077DA3000-memory.dmp
memory/3056-5-0x0000000002760000-0x0000000002766000-memory.dmp
memory/3288-10-0x00007FF96DD8D000-0x00007FF96DD8E000-memory.dmp
memory/4524-13-0x0000000000600000-0x0000000001000000-memory.dmp
memory/2692-14-0x0000000000850000-0x0000000000856000-memory.dmp
memory/2808-15-0x0000000000390000-0x0000000000396000-memory.dmp
memory/2692-16-0x0000000000850000-0x0000000000856000-memory.dmp
memory/2848-17-0x0000000000150000-0x0000000000156000-memory.dmp
memory/3436-20-0x00000000009A0000-0x00000000009A6000-memory.dmp
memory/3288-21-0x0000000000E30000-0x0000000000E36000-memory.dmp
memory/2848-23-0x0000000000150000-0x0000000000156000-memory.dmp
memory/3688-22-0x00000000001D0000-0x00000000001D6000-memory.dmp
memory/3840-26-0x0000000000580000-0x0000000000586000-memory.dmp
memory/3436-25-0x00000000009A0000-0x00000000009A6000-memory.dmp
memory/3780-24-0x0000000000ED0000-0x0000000000ED6000-memory.dmp
memory/2808-19-0x0000000000390000-0x0000000000396000-memory.dmp
memory/3288-18-0x0000000000E30000-0x0000000000E36000-memory.dmp
memory/3780-27-0x0000000000ED0000-0x0000000000ED6000-memory.dmp
memory/3840-28-0x0000000000580000-0x0000000000586000-memory.dmp
memory/3936-29-0x0000000000D00000-0x0000000000D06000-memory.dmp
memory/3468-30-0x0000000000A50000-0x0000000000A56000-memory.dmp
memory/4428-31-0x0000000000AF0000-0x0000000000AF6000-memory.dmp
memory/2876-32-0x0000000000B60000-0x0000000000B66000-memory.dmp
memory/3468-33-0x0000000000A50000-0x0000000000A56000-memory.dmp
memory/4428-34-0x0000000000AF0000-0x0000000000AF6000-memory.dmp
memory/2876-35-0x0000000000B60000-0x0000000000B66000-memory.dmp
memory/3340-36-0x0000000000AC0000-0x0000000000AC6000-memory.dmp
memory/2092-37-0x00000000000E0000-0x00000000000E6000-memory.dmp
memory/1824-38-0x00000000000D0000-0x00000000000D6000-memory.dmp
memory/2492-39-0x0000000000C10000-0x0000000000C16000-memory.dmp
memory/1824-40-0x00000000000D0000-0x00000000000D6000-memory.dmp
memory/2492-41-0x0000000000C10000-0x0000000000C16000-memory.dmp
memory/932-45-0x0000000000150000-0x0000000000156000-memory.dmp
memory/932-46-0x0000000000150000-0x0000000000156000-memory.dmp
memory/932-57-0x00007FF96DF00000-0x00007FF96DF01000-memory.dmp
memory/932-60-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
memory/3108-67-0x0000000000990000-0x0000000000996000-memory.dmp
memory/3108-68-0x00007FF96DD8D000-0x00007FF96DD8E000-memory.dmp
memory/3108-69-0x00007FF96DD8D000-0x00007FF96DD8E000-memory.dmp
memory/3108-70-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
memory/3108-71-0x00007FF96DF20000-0x00007FF96DF21000-memory.dmp
memory/3288-72-0x00007FF96DF20000-0x00007FF96DF21000-memory.dmp
memory/3780-73-0x00007FF96DF00000-0x00007FF96DF01000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\310091\ea087b19cf7a4c30980d13fde95b5421_1
| MD5 | 664f99e3fe15178ffb242a6e5bff5e60 |
| SHA1 | a95099e7ae7402b3d5d175625bc073b588c3957f |
| SHA256 | 550e564a6c493f582eba1ba795498ed44678ca1f7a8520200b3781f89f6221e6 |
| SHA512 | ad7d96763b8325e88883274fc55dcaa228716e4e92db6c492541d169f2dfe980cfa9ff5b587a9ca7444e8c7cfcbc56db51264740c306ed00119dc64d459c673c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\9c5925f597f540ae99ecea64fa925c44_1
| MD5 | b6f48a7ec498dd01b0685a4aad3537b6 |
| SHA1 | 2ab6a9c0bc4a6c2131c7e85f0974e9c6f064169a |
| SHA256 | 00f58087fbb7a3d0fd9fbc7d4339725a4b0fbfd0673c48c00986518c8a969e2f |
| SHA512 | 975f9c5e7cc0e04ce40e7e8dfd9abc13cd0d56bebd34c04f80f724ec6f53bb32d0b5d87dc6fce15db91ca8b510859651a71002dee339303b60051cb0ccc6b463 |
memory/2252-84-0x0000000000070000-0x0000000000076000-memory.dmp
memory/2252-85-0x0000000000070000-0x0000000000076000-memory.dmp
memory/2252-86-0x00007FF96DF20000-0x00007FF96DF21000-memory.dmp
memory/3108-87-0x0000000000990000-0x0000000000996000-memory.dmp
memory/2252-88-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat
| MD5 | 02eb0b597efe8fa7279227d9a10cc87e |
| SHA1 | 092095f8fd04bfe0833b35b2b26a4a4dc63f7b99 |
| SHA256 | 0aee74d74847e228dd9d2f39e9ee5c298c5cbf25f7fa50e8a71e3b4aed2f26b7 |
| SHA512 | 3ec46ed9b50e17da465ef0cd809bfadefe22ec4842c473e572317852bc8455faa13b39a21d590ed5f1035d8d7b9f4660378038b8afbd85e5688fcb2ba68b212c |
memory/1652-98-0x0000000000A70000-0x0000000000A76000-memory.dmp
memory/4584-99-0x0000000000570000-0x0000000000576000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000045\1698858485
| MD5 | 65ad5a681fb06f288e81a8105bcf3df6 |
| SHA1 | 0e6417a100e43e4d6abc07e21dbafdf31151b970 |
| SHA256 | ce8c8851b168c7b057fc72dda6297422730a9999c174ec7cd442cd11f330ea53 |
| SHA512 | 0bb309c73e1e98ebea08fc47c6e21cd60600847af88db6176da6250998c6659c76f9a63f158477662b6c9bc1084f79d96049b2f251a9af38318beff2574e229b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat
| MD5 | 88cc1807ec4cc644ed78361792d61027 |
| SHA1 | 63bf0960c0a8bbbc521f2d22cb3bca4daa72ea95 |
| SHA256 | f31373a556bdc1e6ef80b21e014de8fdecdabb8bea103cde4ca371ddfce69fd6 |
| SHA512 | 6c93f2cdc22717766eef1b83bdcf069a13560deaf4ab8ce56edfd82c4765573f9d4362e4add99289b9b2f84f86a071bd959430a7fba2fb7ec1edc20924e79625 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338389\cbbbc4599f754e659cdae88c1bee2223_1
| MD5 | bcc5971432ea00c2b3d6f781a64da033 |
| SHA1 | f730dc1bab2660025550f2025a40992de2581b0e |
| SHA256 | 7c769724f90fcc6473cf08c6161bb0651ba8866ba1d74c77f718c2762b4c0223 |
| SHA512 | 6029e7ea86ddbfa0caa6038187136dfe0ed8c7ff502fe26d3f1d86091a101acb272a2618a3e2a0b700665ee02a14e5cbaa27712fc7a0f845bc29c219f312f7c1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\1698858485
| MD5 | 09f0216e185a58e05b508755454c25f5 |
| SHA1 | 7000aaace7a06c88082a3f6b39054fa5950c5f5d |
| SHA256 | f04d06a1b494bb10194f2f2fd60bc7ff09ad1b385c284ea4f26f35fcc27441f9 |
| SHA512 | 5c14fef750b953ac08c72fe38ac1d3515b5f4f2cb3e943bd092d994903ef4627db474b83d7b1a0dd837b536ebc729ed689571582b322bc257d533c6f7de5b701 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280815\1698858485
| MD5 | 7fb3ad70d7f5b49c48226ee3637ba3b5 |
| SHA1 | 5bd531efc014ef00a88b2f47bde31cfb48041582 |
| SHA256 | 880e1f6374b53197e4d7d9ad65e45559c5a2bd2a492564adb550f1323a611fec |
| SHA512 | 72e2024148c5aa09e643cf2ef026c4a444a20fddd2c82f5757526926339055a5212f05a6f925a9cd2af7909d92cbc33d5368eaf9d1b67e6dde6e8444f9d3dd9c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat
| MD5 | e039780ed07ac69692a8c773a7321124 |
| SHA1 | 17f34b39cf0bc94b58144c8f62ab5b216122ca54 |
| SHA256 | 11aff484ecf56f50dba5bb8a1bccb564326a5d82bc3b19d346b086047f48b170 |
| SHA512 | 7e1e9a2fc5776552acf488cc81006eafdf658e9118a7e75ba73354ec251ade59c422d7557d045a71eacbe2b8dff7ad94a509e1b3164b5f77dadf075bef804afc |
memory/2252-161-0x0000000000070000-0x0000000000076000-memory.dmp
memory/2692-164-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
memory/3840-165-0x00007FF96DF00000-0x00007FF96DF01000-memory.dmp
memory/3840-166-0x00007FF96DF20000-0x00007FF96DF21000-memory.dmp
memory/3840-167-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
memory/4348-168-0x00000000009F0000-0x00000000009F6000-memory.dmp
memory/400-169-0x0000000000660000-0x0000000000666000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\9c5925f597f540ae99ecea64fa925c44_1
| MD5 | b6f48a7ec498dd01b0685a4aad3537b6 |
| SHA1 | 2ab6a9c0bc4a6c2131c7e85f0974e9c6f064169a |
| SHA256 | 00f58087fbb7a3d0fd9fbc7d4339725a4b0fbfd0673c48c00986518c8a969e2f |
| SHA512 | 975f9c5e7cc0e04ce40e7e8dfd9abc13cd0d56bebd34c04f80f724ec6f53bb32d0b5d87dc6fce15db91ca8b510859651a71002dee339303b60051cb0ccc6b463 |
memory/3780-171-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
memory/2204-174-0x0000000000520000-0x0000000000526000-memory.dmp
memory/3324-175-0x0000000000300000-0x0000000000306000-memory.dmp
memory/2204-176-0x0000000000520000-0x0000000000526000-memory.dmp
memory/2548-194-0x0000000000D20000-0x0000000000D26000-memory.dmp
memory/1564-196-0x00000000001F0000-0x00000000001F6000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\51b0e21b-0a31-4fb6-a12f-bc4ea05a96ec.up_meta_secure
| MD5 | a6032c7c9268437b1fd876b1a32d9174 |
| SHA1 | f805c60420b8c2aa85d864cf097bfd90d6880731 |
| SHA256 | afb221a76dca57221ff78b317e4d534960dfd04dc86371da424658da283c3069 |
| SHA512 | 90da9a334ae4ba089a7f09e6f5d6c965b8ed3d1697ec716274d79a9a0a27e9bf8fdcaf04dcfd840f8c4167dd586af6fc6772f32d2753c948415c4568d6f772bf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\34f0c418-8b8d-438d-84e0-58baf00205da.down_data
| MD5 | e5bfd664e79539a4eae9c5257679f95f |
| SHA1 | bcc8f59a4da340dcc47a73dd906381cfefd8be60 |
| SHA256 | d8eaa82f00f5cc2d450fb59c831f00e0de786cae523bca75b223e84ada0aac80 |
| SHA512 | aa24d9d33c8de759db4985d45f2c004cea5e9368abd31e11b12bc54a661afc0484b189dac4cdd1164dd7fc950ad7821dd583bde2a26baf02af3fda4b2ca0d25f |
memory/1564-205-0x00007FF96DF20000-0x00007FF96DF21000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\34f0c418-8b8d-438d-84e0-58baf00205da.up_meta_secure
| MD5 | 67f086ee5caba72ee73c7588e5dc2550 |
| SHA1 | 7dc8a339e5fb037111d98dbda889a9872398e13f |
| SHA256 | 8120eed41f8c656e70e403648bc3f1946d70dcb58aca7aa8628f6f7895d7465d |
| SHA512 | 6407926a82d4fd24769466bee9cb24dc2ecbd02b1e0954ce27569389f3cd165ec48fe2755b58762c84e3d92bde4ab08b828ef406fa4f09eebdbe8e6ffa381999 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\51b0e21b-0a31-4fb6-a12f-bc4ea05a96ec.down_data
| MD5 | 47b6fc8928252d3e075426156f526644 |
| SHA1 | 38a00cd13f932f20b33325cd41d17e958f8666f7 |
| SHA256 | 436e53bc08ade2db5a8aa774deac07b5c69590d7800e46f7a90aa664c7596b09 |
| SHA512 | 4dcc6a2fcf7e60b487be881219bb1ec737be165b57b1b5418d4818ba42013542d68e68d31598547c1c5451b78e72109bfe2d2e97d40f331615033dd968dc0a9f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\233fb560-699d-43b5-ac0b-9166768db2ab.down_data
| MD5 | d389905c2e73a7f3834143929ac3b14a |
| SHA1 | 3e8f9c707ff41d10a8694e87898d3c170bacae57 |
| SHA256 | 0a2abc6aef3b2b121d466bb23d2e843e545409da5a3bf8cfdf1e67fbcdfc4799 |
| SHA512 | 76ca92b8d20f3ac41c97e373067655ae27e36c7cc3f555af08cd18ae5a82e37ec6783bc7c21f02a7bd4431bd4a7553093444ca7b3fe113a8058b7ccc636807fb |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\34f0c418-8b8d-438d-84e0-58baf00205da.down_data
| MD5 | e5bfd664e79539a4eae9c5257679f95f |
| SHA1 | bcc8f59a4da340dcc47a73dd906381cfefd8be60 |
| SHA256 | d8eaa82f00f5cc2d450fb59c831f00e0de786cae523bca75b223e84ada0aac80 |
| SHA512 | aa24d9d33c8de759db4985d45f2c004cea5e9368abd31e11b12bc54a661afc0484b189dac4cdd1164dd7fc950ad7821dd583bde2a26baf02af3fda4b2ca0d25f |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\d3df10a1-4ab1-44ed-a971-71f79c80899f.up_meta_secure
| MD5 | afadd7994cb0498f3e37578f794f95f0 |
| SHA1 | e5e5ad78b70c8f15ee2f08ab2babccd88765152c |
| SHA256 | 91488eb550a84b0fc698132c3a7b68cd9032145ef99b6cc539aa7330a5d5604a |
| SHA512 | 04eafa4ef7cdd800da8050f624ac19e41926913d0393a7e458f4c975f0cb44d298116203fe4437bbde0986fd2c6f80d2bb7b984ebbc586ce241a15741da899de |
memory/2312-233-0x0000000000200000-0x0000000000206000-memory.dmp
memory/1876-232-0x00000000006B0000-0x00000000006B6000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\0f600d4b-f369-4b65-b54e-b9a78817b7dc.up_meta_secure
| MD5 | e46caf4f8c0ae877ce5d371d8d2e0cc0 |
| SHA1 | e661f047ca183450ecb82fa5353d4c9a967234de |
| SHA256 | d2eb0ec732d9e0ff809e2a52ab545bb4ded032a6cb21991e9b157e39bce99e54 |
| SHA512 | 467eab1733a083c10999eab2286805e4a251100dacdc72635607ad7e393b6dbd211e89dfb71e27aa9da5eb065db99a933b36ee9f8e39a1b0387f26dcbf5291e4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\d3df10a1-4ab1-44ed-a971-71f79c80899f.down_data
| MD5 | 75aa2ff2c506f039fabc22e665e7a521 |
| SHA1 | ba33e7533dee32ba491a1fa58eba1dbcee7a42a0 |
| SHA256 | f6f2cd3ec833c2a9c6d0c22b4cdac76d1a51e951fa1d73b634778d401b2278a4 |
| SHA512 | 6e26895ff51f5b5228fcebfcc0eb2265a682f646aef48a9d2d9c642d3381d1cc71fdd2ce4f1e22b4a32223176b20d795dc85b922966ad70105340ea8fe0506f3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\d3df10a1-4ab1-44ed-a971-71f79c80899f.down_data
| MD5 | 75aa2ff2c506f039fabc22e665e7a521 |
| SHA1 | ba33e7533dee32ba491a1fa58eba1dbcee7a42a0 |
| SHA256 | f6f2cd3ec833c2a9c6d0c22b4cdac76d1a51e951fa1d73b634778d401b2278a4 |
| SHA512 | 6e26895ff51f5b5228fcebfcc0eb2265a682f646aef48a9d2d9c642d3381d1cc71fdd2ce4f1e22b4a32223176b20d795dc85b922966ad70105340ea8fe0506f3 |
memory/1564-250-0x00000000001F0000-0x00000000001F6000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\233fb560-699d-43b5-ac0b-9166768db2ab.up_meta_secure
| MD5 | 51f587ca8e06313c2ad7ecfd39017b30 |
| SHA1 | 49e274d46788b0ef51e04c12d30c389e331ddaf4 |
| SHA256 | 1fe7a307c63d622248f563f73538943de60bc1a35b209ddfb02e56bce51fe092 |
| SHA512 | 6ceb307648e1cf4091f48c5abaab5de8fbaf8d27a715994daa1c407b807acf753880f9e87a1489f4025fd0c0be59ac952235dfc628637114436fec938f8f2dd2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\233fb560-699d-43b5-ac0b-9166768db2ab.down_data
| MD5 | d389905c2e73a7f3834143929ac3b14a |
| SHA1 | 3e8f9c707ff41d10a8694e87898d3c170bacae57 |
| SHA256 | 0a2abc6aef3b2b121d466bb23d2e843e545409da5a3bf8cfdf1e67fbcdfc4799 |
| SHA512 | 76ca92b8d20f3ac41c97e373067655ae27e36c7cc3f555af08cd18ae5a82e37ec6783bc7c21f02a7bd4431bd4a7553093444ca7b3fe113a8058b7ccc636807fb |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\0f600d4b-f369-4b65-b54e-b9a78817b7dc.down_data
| MD5 | 4000302699baa335548c20843dc38d00 |
| SHA1 | 8f0c399518f4da1a85094c6b4ed6de1c23b6741a |
| SHA256 | bad6c7554c665752c27e953c3af4d92f578df22510299f33710946ba78f26d71 |
| SHA512 | 8c540a8e9b70b6cee8d83021f32f636288c35a0e3984c3272f3cff442a64eb127432d69494d4e43db44100806214987e3fe615e62fd6cdb719d4058ff0676ed9 |
memory/4572-265-0x00000000007F0000-0x00000000007F6000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\7c5f0aea-cf74-4f24-b361-2ed5e6bfdeed.up_meta_secure
| MD5 | d3e099c34569ba9f2b53943abab8b104 |
| SHA1 | 09fe888073308eed27ba2b02f22052939eed0fee |
| SHA256 | 7a5e483e1e3b4ecce72c4273d5ef19691341051334a9ff0f09f9bb3af037e7b4 |
| SHA512 | 6115c04d0ad9d40b71c7021b886b1091eb144229ab98502d228ea6be4c7652406eb33762df1d73dc554e7c9e47bd5b0fb0555490d37eb6140c374fef8f0bcab0 |
memory/3288-279-0x00007FF96DF10000-0x00007FF96DF11000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\StagedAssets\525cd93bb393d7b0e106362f6999d7cd798420e59d97dab167ba40b862867124
| MD5 | 47b6fc8928252d3e075426156f526644 |
| SHA1 | 38a00cd13f932f20b33325cd41d17e958f8666f7 |
| SHA256 | 436e53bc08ade2db5a8aa774deac07b5c69590d7800e46f7a90aa664c7596b09 |
| SHA512 | 4dcc6a2fcf7e60b487be881219bb1ec737be165b57b1b5418d4818ba42013542d68e68d31598547c1c5451b78e72109bfe2d2e97d40f331615033dd968dc0a9f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\7c5f0aea-cf74-4f24-b361-2ed5e6bfdeed.down_data
| MD5 | 59781bc17733ecaa80a6c8e1782edb85 |
| SHA1 | 78e0bf70b62f90ff6e4f1ae007132aec0e0f9e4b |
| SHA256 | 0257443183ab9627d367b589e13771b4aba038b445920e7f2ae4cff643f177d5 |
| SHA512 | cd6aae647dd0ed676cf03a3827789ceb4cc0b747538fb719ac5d7bedf641f511982ad7d0bb761ddabdd4114144a67ce15be045617d81e678aeced8c7768fa8b4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\AC\BackgroundTransferApi\51b0e21b-0a31-4fb6-a12f-bc4ea05a96ec.down_data
| MD5 | 47b6fc8928252d3e075426156f526644 |
| SHA1 | 38a00cd13f932f20b33325cd41d17e958f8666f7 |
| SHA256 | 436e53bc08ade2db5a8aa774deac07b5c69590d7800e46f7a90aa664c7596b09 |
| SHA512 | 4dcc6a2fcf7e60b487be881219bb1ec737be165b57b1b5418d4818ba42013542d68e68d31598547c1c5451b78e72109bfe2d2e97d40f331615033dd968dc0a9f |