Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Windows\System32\dllhost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\System32\backgroundTaskHost.exe

"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\System32\dllhost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\System32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Windows\System32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

C:\Windows\System32\backgroundTaskHost.exe

"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

There are 27 hidden processes, click here to show them.

URLs

Name

Malicious

http://nsis.sf.net/NSIS_ErrorError

unknown

Details

Name:	http://nsis.sf.net/NSIS_ErrorError
TargetID:	2
From Memory:	true
Current Path:	C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Source:	CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bestyrelsesformanden

Knsdiskriminering

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Unengrossed\assistance\Irrer36\Trasker

Gloomings

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Investigational\Phenomenally\Abortive

nettoprisens

HKEY_CURRENT_USER\SOFTWARE\Retssags\Minigolfens\Cerutterne\Pisset

Dactylopius

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

FlushPlacementsEventCacheTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.RefreshCacheTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.SubscribedContent-338389.UpdatePlacementTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.SubscribedContent-310091.UpdatePlacementTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.SubscribedContent-280815.UpdatePlacementTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.SubscribedContent-338388.UpdatePlacementTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\280815\Batches\1667478696\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338389\Batches\1667478696\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\280815\Batches\1667478696

LastSelectionEmpty

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338389\Batches\1667478696

LastSelectionEmpty

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697\ImpressionRecords

128000000000402926

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697

LastSelectionEmpty

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338388\1667478697`128000000000402926`0

Availability

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338388\1667478697`128000000000402926`0

TimeStamp

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\280815\1667478696`128000000001627409`0

Availability

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\280815\1667478696`128000000001627409`0

TimeStamp

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338389\1667478696`128000000001627409`0

Availability

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338389\1667478696`128000000001627409`0

TimeStamp

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338388\1667478697`128000000000402926`0\Actions

//item[0]/property[onRender]

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697

ImpressionTimeForSelectedIndex

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\280815\1667478696`128000000001627409`0\Actions

//item[0]/property[noOp]

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338389\1667478696`128000000001627409`0\Actions

//item[0]/property[noOp]

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\CacheState

OfflineImpressionCountDatapoints

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\CacheState

OfflineTimeDatapoints

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\CacheState

OfflineImpressionCountDatapoints

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\CacheState

OfflineTimeDatapoints

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\Batches\1667478730

DataSignature

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\Batches\1667478730

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1667478730

DataSignature

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

2158c55723c14af0c30c7aafe4020aec95cb2eda148e7ca6a75034a8d5c5ae85

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

178764b5981a2aee4c1fc7d893b8a2d95269220d41eede955e9c867ff12350d5

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

32d6c3b77f79c994287f18a9e394a4c647daf89026c18d1d25ddcadc8a70b531

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

6be1c3a3d724301812ee103a5aec7433c46a3c9115c97fb13883704815c24367

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

86ff803d03a9f7dd72f32ca9f45f900b7e9007aa4de113108c9834e5cde15bba

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

d3eedb83164482c35b9bf5057a67514a6d30ccc1c43cadacc08c0526ac994779

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1667478730

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.SubscribedContent-338387.HandleNewCreativesTask_ManualCleanup

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338387\CurrentDownloadIds

{8086b025-ce16-4435-9cc3-d2a0f33fe026}

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338387\CurrentDownloadIds

{4aa5b1fb-1301-4194-8203-1cbb67304ae7}

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338387\CurrentDownloadIds

{f9e08879-735a-4e9f-beea-148234195053}

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338387\CurrentDownloadIds

{3843bffb-4eef-4da1-af04-618c0facc656}

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338387\CurrentDownloadIds

{aa790838-db48-4eec-9b8a-be8242eb173a}

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338387\CurrentDownloadIds

{fce64348-a319-4f43-89cb-85a2ff3766b6}

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common\TaskWatchdog

ContentDeliveryManager.Background.SubscribedContent-338387.HandleNewCreativesTask

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common

TaskExecutionCountSinceLastReset

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338389

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338389

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-310091

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-310091

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-280815

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-280815

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338388

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338388

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

SelectedPlacementIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\310091

PreviousContentRotationTime

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-310091

SupportedRenderTriggers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-310091

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

RenderedCreativeIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\280815\Batches\1667478696

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338389\Batches\1667478696

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1632305937\ImpressionRecords

WW_128000000002831129_EN-US

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1632305937

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338388

PreviousContentRotationTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338388

ContentId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338388

ShortContentId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338388

Availability

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338388

HasContent

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338388

LastUpdated

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-310091

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-310091

ConsecutiveRenderFailureCount

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\280815\Batches\1632305936\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\280815\Batches\1632305936

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\280815

PreviousContentRotationTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\280815

ContentId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\280815

ShortContentId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\280815

LastUpdated

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338389\Batches\1632305936\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338389\Batches\1632305936

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\SubscribedContent\338389

PreviousContentRotationTime

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338389

ContentId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338389

ShortContentId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Subscriptions\338389

LastUpdated

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common

UserIdentity

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common

HashedUserIdentity

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697\ImpressionRecords

128000000000402926

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

SelectedPlacementIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\DeviceTokens\MSA

Value

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\DeviceTokens\MSA

TimeStamp

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\DeviceTokens\MSA

Value

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\DeviceTokens\MSA

TimeStamp

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-280815

SupportedRenderTriggers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-280815

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

RenderedCreativeIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\280815\Batches\1667478696\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697\ImpressionRecords

128000000000402926

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-280815

SupportedRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

LastRenderedTimes

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338389

SupportedRenderTriggers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338389

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

RenderedCreativeIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338389\Batches\1667478696\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRotationTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-280815

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

LastRenderedTimes

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-280815

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-280815

ConsecutiveRenderFailureCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-280815

HealthEvaluation

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRotationTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338389

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697\ImpressionRecords

128000000000402926

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338389

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338389

ConsecutiveRenderFailureCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338389

HealthEvaluation

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

SelectedPlacementIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

LastImpressionTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

NULL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ScheduledWorkItems\ContentDeliveryManager.Background.RefreshCacheTask\SubscribedContent-338388

DueDateTime

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRefreshTimes

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRotationTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338388

SupportedRenderTriggers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

NULL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

RenderedCreativeIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338388\Batches\1667478697\ImpressionRecords

128000000000402926

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\CacheState

FilledOpportunities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\CacheState

MissedOpportunities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\CacheState

OfflineImpressionCount

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\CacheState

LastSuccessfulAdRequestTime

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045

ExcludedEntities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045

FeedbackProvidedEntities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045

DeprecatedCreatives

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045

WithdrawnCreatives

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045

EventEntities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

SelectedPlacementIds

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338388

SupportedRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

LastRenderedTimes

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRotationTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338388

RetryUpdateRenderTriggers

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-338388

ConsecutiveRenderFailureCount

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338388

HealthEvaluation

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\CacheState

FilledOpportunities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\CacheState

MissedOpportunities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\CacheState

OfflineImpressionCount

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\CacheState

LastSuccessfulAdRequestTime

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387

ExcludedEntities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387

FeedbackProvidedEntities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387

DeprecatedCreatives

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387

WithdrawnCreatives

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387

EventEntities

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\Batches\1632305954

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

LastRefreshTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-88000045

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\Batches\1631232806

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\Batches\1631232806\ImpressionRecords

128000000001627409

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\88000045\Batches\1631232806

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Common

TaskExecutionCountSinceLastReset

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1632305955

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

LastRefreshTimes

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRotationTimes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-88000045

NULL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-88000045

HealthEvaluation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-338387

NULL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\Health\Placement-SubscribedContent-88000045

NULL

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ScheduledWorkItems\ContentDeliveryManager.Background.RefreshCacheTask\SubscribedContent-88000045

DueDateTime

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements

NextRefreshTimes

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

e4b6cf7835c0c61248be30e9e9baacb20c910d31f24fa2476cc35ab2c9acbf4c

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

b676c9116b9d2b1bc57089f522ce3b52b9a6c056406b202e6787b5016e9c1ee7

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

a05ddd36a35d41d8407134ded41b831916b63e04ccbdc3de114173546de66693

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

add4030fae0a96ceed0ed5039e46b6296e894fb2f988c98e4e9808b37b6bc5e2

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

feaf479fee2db539bb09977f9fa4c4d24d0fde25baeabb179e9c56c329739841

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Assets

66b709cc80355e2d89ab31396d3ba991c013e5bb352f80dbf3b8537f5cd01192

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1631232806

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1631232806\ImpressionRecords

WW_128000000002396809_EN-US

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1631232806\ImpressionRecords

WW_128000000002364389_EN-US

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1631232806\ImpressionRecords

WW_128000000001729149_EN-US

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\ContentManagementSDK\Creatives\338387\Batches\1631232806

BatchState

\REGISTRY\A\{636c0231-0539-21c6-b16a-a85938a8f88e}\LocalState\Placements\SubscribedContent-88000045

ConsecutiveRefreshCacheFailureCount