redline | 4800cf79909781a700562ceba03d2195ecc0aa2bb7b2329fc756fd3970e61f38

Analysis

max time kernel
90s
max time network
109s
platform
windows10-1703_x64
resource
win10-20231129-en
resource tags

arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
submitted
10/12/2023, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launcher.exe
Size

289KB
MD5

fe4253dbc0ad533dac846c3f2a5aaf32
SHA1

c8d71e7ee6a1a0eabe1b2cfd5f4b9c88b53e3be9
SHA256

4800cf79909781a700562ceba03d2195ecc0aa2bb7b2329fc756fd3970e61f38
SHA512

d75525626651194e849c81440291863e869ae95ad73a319ee6fce87fad79d150cf78bedc5431b87af91a27b568912159e46d7a88fbe4f35273fb639a9ebb8b74
SSDEEP

6144:u4KPhKmuec2++5J4+XK5kGGsdN8AXAuThtK1:u4KZvu/2JzK5hGs78udThtK1

Score

10^/10

redline discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

45.15.156.142:33597

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/3012-1-0x0000000000520000-0x000000000055C000-memory.dmp	family_redline
behavioral1/memory/3012-0-0x0000000000400000-0x0000000000449000-memory.dmp	family_redline

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}"	OneDrive.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileCoAuthLib64.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel = "Both"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32	OneDrive.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	OneDrive.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OneDrive.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	OneDrive.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000"	OneDrive.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\ProxyStubClsid32\ = "{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\VersionIndependentProgID	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\odopen\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\TypeLib\{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}\1.0	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\TypeLib\{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}\1.0\FLAGS	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\TypeLib\Version = "1.0"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\ProxyStubClsid32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib\Version = "1.0"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy\CurVer	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\ProgID\ = "FileSyncCustomStatesProvider.FileSyncCustomStatesProvider.1"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\FLAGS	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\FLAGS\ = "0"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\TypeLib	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\TypeLib\Version = "1.0"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\FileSyncClient.FileSyncClient\ = "FileSyncClient Class"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ProxyStubClsid32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ = "IItemActivityCallback"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\TypeLib	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\ = "FileSyncLibrary 1.0 Type Library"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0\FLAGS	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\ = "OOBERequestHandler Class"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1\CLSID	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\TypeLib\Version = "1.0"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32\ = "{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID\ = "FileSyncOutOfProcServices.FileSyncOutOfProcServices.1"	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_CLASSES\ODOPEN\DEFAULTICON	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1\CLSID\ = "{AB807329-7324-431B-8B36-DBD581F56E0B}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ = "IFileSyncClient"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{0f872661-c863-47a4-863f-c065c182858a}\ = "IFileSyncClient4"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\WOW6432Node\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\TypeLib	OneDrive.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
396	OneDrive.exe

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3012	launcher.exe
3012	launcher.exe
3012	launcher.exe
3012	launcher.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
396	OneDrive.exe
396	OneDrive.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	launcher.exe
Token: SeDebugPrivilege	4708	taskmgr.exe
Token: SeSystemProfilePrivilege	4708	taskmgr.exe
Token: SeCreateGlobalPrivilege	4708	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
396	OneDrive.exe
396	OneDrive.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
396	OneDrive.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
396	OneDrive.exe
396	OneDrive.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
396	OneDrive.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
396	OneDrive.exe

C:\Users\Admin\AppData\Local\Temp\launcher.exe
"C:\Users\Admin\AppData\Local\Temp\launcher.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3012

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2528

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s fdPHost
1⤵
PID:2084

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
1⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:396
- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
  "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
  2⤵
  PID:3148
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
      "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      /updateInstalled /background
      4⤵
      PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll

Filesize
219KB

MD5
26cba39a5a9736899e63c71be55bd9ac

SHA1
f3c0454554c22397b62e25ad8b10af08073a453a

SHA256
ceea2b72e79cc38a1b2508c11422ffe8bf70bc45c378650230fa7e0f83b06e5a

SHA512
e29539c060feeea35c9fc32734f4d1eb80672150606c0dd836cfd2d6f62c08f558ccf6084a77b182daff99a79a02b89aaf3659db7e7b51990504c8b972796867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

Filesize
189KB

MD5
33e5e2c5b1a3b8e0e5526aa2f5d2e9cd

SHA1
e1fdd8894e3619843a4ee2530516a7699c82af84

SHA256
6ab16a850399c4557ef0f9a84a83f87c78f6f2390191b05a11bf40970eda19e2

SHA512
f64cb140d7ee4166a5fb00c14f0363e27780ca0e4eb6e85cf6c585356252e713a6f27eeafd597ff698bd07e9eb0bf48f0887032299b2284df5bd620c92a0273c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll

Filesize
202KB

MD5
2fda42b49bf5f10c1daf95adc46ce71e

SHA1
66255def40032424257ccb10d7ed4f5579025863

SHA256
19edfae014bd5346e12d969e5300d663bc89976abc177559a4f2cdd591362803

SHA512
7c4789ec0c9dcf731f5252e69870f2dc877ed9f8dca532dfc2f69aebf4f8d004100a5a263e9d8971afeb4856afa90e89de739c4e4466c6b2822043d4fd4a8852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncTelemetryExtensions.dll

Filesize
58KB

MD5
51b6038293549c2858b4395ca5c0376e

SHA1
93bf452a6a750b52653812201a909c6bc1f19fa3

SHA256
a742c9e35d824b592b3d9daf15efb3d4a28b420533ddf35a1669a5b77a00bb75

SHA512
b8cfdab124ee424b1b099ff73d0a6c6f4fd0bf56c8715f7f26dbe39628a2453cd63d5e346dbf901fcbfb951dfbd726b288466ff32297498e63dea53289388c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll

Filesize
295KB

MD5
6839c5f12b5351506d4bd75b4bee0a67

SHA1
98234d179ba704427bed07dcd525d81ce6c06217

SHA256
bca8212006e0c85e6217b45b728bdc99ce4b52d1d6d0842a609eccfb0322b463

SHA512
82294c3770ca943f01c84a24608d19f4a4a334e80e55a8ae0a2af20f21e236d727292f499c8e7015e7733595d9cd550880ad8e4a3a4d37efb21fa9a37c8dfa20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll

Filesize
266KB

MD5
ca4f43e69acaea8f2eb71d4a3a3eaeea

SHA1
48237115fafb867a0815a4c5a6aedf1f82cf3abc

SHA256
9319ab1aa15be3ef2a78cd3c2bedc8003f51b17ed038a73e727856b080734690

SHA512
eb12820d28b4d09477d3763e1cf1cfb243dee063cd6579625c36de55a0a1fb68b689b358739983e96b16b1358c2989e6ae4d1f715d63f3acf246b889dc02af89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.DLL

Filesize
116KB

MD5
1ae953ac32447ed59fc65cf9314acada

SHA1
e5db9b20a11d4af6a24afade57dce86ccf4fee41

SHA256
d88ddc00a8d6979c4c71ca6231c8b8343e4c88bdb6aae73c6d7d4504ccad0ac2

SHA512
46ac2172733e8debcde9bebeacfb74fbe8e232f73744b337918a22722f9e15978373710f9cbb41e2b27d82af4ccd19b8dd7df793c66e95a959d145e6fe6d6ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

Filesize
1KB

MD5
72747c27b2f2a08700ece584c576af89

SHA1
5301ca4813cd5ff2f8457635bc3c8944c1fb9f33

SHA256
6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b

SHA512
3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

Filesize
1KB

MD5
b83ac69831fd735d5f3811cc214c7c43

SHA1
5b549067fdd64dcb425b88fabe1b1ca46a9a8124

SHA256
cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185

SHA512
4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

Filesize
2KB

MD5
771bc7583fe704745a763cd3f46d75d2

SHA1
e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752

SHA256
36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d

SHA512
959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

Filesize
2KB

MD5
09773d7bb374aeec469367708fcfe442

SHA1
2bfb6905321c0c1fd35e1b1161d2a7663e5203d6

SHA256
67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2

SHA512
f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

Filesize
6KB

MD5
e01cdbbd97eebc41c63a280f65db28e9

SHA1
1c2657880dd1ea10caf86bd08312cd832a967be1

SHA256
5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f

SHA512
ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

Filesize
2KB

MD5
19876b66df75a2c358c37be528f76991

SHA1
181cab3db89f416f343bae9699bf868920240c8b

SHA256
a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425

SHA512
78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

Filesize
3KB

MD5
8347d6f79f819fcf91e0c9d3791d6861

SHA1
5591cf408f0adaa3b86a5a30b0112863ec3d6d28

SHA256
e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750

SHA512
9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

Filesize
3KB

MD5
de5ba8348a73164c66750f70f4b59663

SHA1
1d7a04b74bd36ecac2f5dae6921465fc27812fec

SHA256
a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73

SHA512
85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

Filesize
4KB

MD5
f1c75409c9a1b823e846cc746903e12c

SHA1
f0e1f0cf35369544d88d8a2785570f55f6024779

SHA256
fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6

SHA512
ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

Filesize
8KB

MD5
adbbeb01272c8d8b14977481108400d6

SHA1
1cc6868eec36764b249de193f0ce44787ba9dd45

SHA256
9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85

SHA512
c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png

Filesize
2KB

MD5
57a6876000151c4303f99e9a05ab4265

SHA1
1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794

SHA256
8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4

SHA512
c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png

Filesize
4KB

MD5
d03b7edafe4cb7889418f28af439c9c1

SHA1
16822a2ab6a15dda520f28472f6eeddb27f81178

SHA256
a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665

SHA512
59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png

Filesize
5KB

MD5
a23c55ae34e1b8d81aa34514ea792540

SHA1
3b539dfb299d00b93525144fd2afd7dd9ba4ccbf

SHA256
3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd

SHA512
1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png

Filesize
6KB

MD5
13e6baac125114e87f50c21017b9e010

SHA1
561c84f767537d71c901a23a061213cf03b27a58

SHA256
3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e

SHA512
673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png

Filesize
15KB

MD5
e593676ee86a6183082112df974a4706

SHA1
c4e91440312dea1f89777c2856cb11e45d95fe55

SHA256
deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb

SHA512
11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

Filesize
783B

MD5
f4e9f958ed6436aef6d16ee6868fa657

SHA1
b14bc7aaca388f29570825010ebc17ca577b292f

SHA256
292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b

SHA512
cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

Filesize
1018B

MD5
2c7a9e323a69409f4b13b1c3244074c4

SHA1
3c77c1b013691fa3bdff5677c3a31b355d3e2205

SHA256
8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2

SHA512
087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

Filesize
1KB

MD5
552b0304f2e25a1283709ad56c4b1a85

SHA1
92a9d0d795852ec45beae1d08f8327d02de8994e

SHA256
262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535

SHA512
9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

Filesize
1KB

MD5
22e17842b11cd1cb17b24aa743a74e67

SHA1
f230cb9e5a6cb027e6561fabf11a909aa3ba0207

SHA256
9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42

SHA512
8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

Filesize
3KB

MD5
3c29933ab3beda6803c4b704fba48c53

SHA1
056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c

SHA256
3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633

SHA512
09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png

Filesize
1KB

MD5
1f156044d43913efd88cad6aa6474d73

SHA1
1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26

SHA256
4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816

SHA512
df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png

Filesize
2KB

MD5
09f3f8485e79f57f0a34abd5a67898ca

SHA1
e68ae5685d5442c1b7acc567dc0b1939cad5f41a

SHA256
69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3

SHA512
0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png

Filesize
3KB

MD5
ed306d8b1c42995188866a80d6b761de

SHA1
eadc119bec9fad65019909e8229584cd6b7e0a2b

SHA256
7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301

SHA512
972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png

Filesize
4KB

MD5
d9d00ecb4bb933cdbb0cd1b5d511dcf5

SHA1
4e41b1eda56c4ebe5534eb49e826289ebff99dd9

SHA256
85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89

SHA512
8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png

Filesize
11KB

MD5
096d0e769212718b8de5237b3427aacc

SHA1
4b912a0f2192f44824057832d9bb08c1a2c76e72

SHA256
9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef

SHA512
99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\MSVCP140.dll

Filesize
185KB

MD5
d9b3bd235e88595c353544c7bb9576e1

SHA1
ce23ecb63f52c2e33f3c04d852ab35184d980655

SHA256
3f8c4dd8a6727da424edd2cbc801c5874c9adde200a901704dfc2131e0cf5d1d

SHA512
c7c6c6fe6ff2fd2fa6213c7dad60d63a4790eed84ee03e0cc1f521f385c39ce76d23fdddc38baf9b27564c2ed66f98a029cefb40f8882a9f73413edec11b0fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml

Filesize
344B

MD5
5ae2d05d894d1a55d9a1e4f593c68969

SHA1
a983584f58d68552e639601538af960a34fa1da7

SHA256
d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c

SHA512
152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe

Filesize
365KB

MD5
92e8fa699d0b0dc8d2ad4eb14391bb3b

SHA1
afefe76b8ff309323b07b407d4fddf4699962f68

SHA256
6cb7368f87bea014d7f73c0b8abd8ccd24a6bc181fdb65746ced6004b376ed16

SHA512
d7ae70d0f19c88e38dbd8d16e4213816bb0c75a45e282d4731ff86977b78bb7e6a15b034a5c0cbe59c86da30a18a01af6e3f060365c838ef14c20478fd21331e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe

Filesize
157KB

MD5
bd727514469a8284777899335d693222

SHA1
60905e5936ed079afb77ca387ffc5049b1544cc5

SHA256
3725e0a8214c798b8aac87f5d2bbd75b4fc9eb396b4de49923e15e85cf1cbaca

SHA512
8a48aa8a65d630ff9ea716beb2a46d4259dd0c23254c86dcbcd6fbfb6b0828fd3c2b1384b7913bfa9486262da255cd81d21ddab206251d85d0f27437917f2ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll

Filesize
226KB

MD5
cee7689e9cd2998ab2d34df4aa122b06

SHA1
d2a5525416251742023a8edd7882a361421539d0

SHA256
d4f79fc3d5e27b11a2a52aecc7e38162557507a4d4111726cfe2183e3f7d7995

SHA512
4da3f92eda056abc4f99c3a53d7b62a16121a50c5d633a63e93808b169e4db0040ed4df46506030f7bb4b20b571d121cdba1b25416f78be21cd69db1de8e2fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll

Filesize
28KB

MD5
7fbbb421032bcf4769cea9446213a6ae

SHA1
09a14060638b11d1e1af19e2f447118a9a73e0c8

SHA256
05fd6a14a439d38e8ffbcf60d8cbce1c5c5aa2b6c78b7e34c65a122b10daa8b6

SHA512
8aa6e1c02a3d72a4a04f17517ef9986be481112ef8e65efd1ef3b4502a8df3557cbf0c6f90c19cd3caf5bc317a34272c68a6b7c6af21de9ac705bcc6e8a30479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Gui.dll

Filesize
252KB

MD5
c45654bb8c8803b3f0a7f6966ee54662

SHA1
008d5cfe73753ecad965e7bf6c2e32805c6fd666

SHA256
c4f2e199b7107be39b6f4ac2b3a039a07ac6f29253eb25a89f6a79df66d4cc71

SHA512
9d8499f94276dda39143551d1fa7da552433a4af8e26e940ebcb7bc8fe29913c8c9054bde0d27516f9f9f31d222fcbcf8461789d118689c545e371cb63944acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Network.dll

Filesize
107KB

MD5
ab64f91c9638688c1a4ec8303e1263ae

SHA1
fef6d084a66d67139b929d765e179a8195963537

SHA256
e48d3cd78ad037195426f24bc0228cd6314e7e7bc35bf2c7de90bac6b712a986

SHA512
24ef7e7deb409da5d10f9663c8e24080fa2294d16c4bd5b5e543e07eee6e134bc3b07865368337fa5d3be4ab461e951bba58b034cd27a8196513674826fb3266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll

Filesize
203KB

MD5
da27b6298f6f9584cd738d3cacac0aee

SHA1
83e21993dfc803bb7b0f01b684ee6fdb0bbbcd56

SHA256
e79992af8b15e8c31bf6bea418dd542190ca0099c42b79f0ae88eaf1c2c56719

SHA512
dface2268c1e60508fed4219f1b04e7e874cb7a1e2c84236f20bebc0710fc74aba258347675bb18833a3fc82c1f610bf347a18faf67c614b51697e6da27c02c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5QmlModels.dll

Filesize
14KB

MD5
ea1bce8e43f4c74061047cfd6a4eee21

SHA1
30ba4ea3effce5f003c65d8ef3c189b9578fe83c

SHA256
36384a5045e62ebe48b25303a37870513360b49a0b1cfc7f48be2c86c0abea74

SHA512
7155d82ad98d956ac3dad240571bea64dcef4285acd95ab0b3c4ce69ae85d52c1f2a701722c812766e8677251efbf4186f34967a13b06bf9ba3a8b53361f9bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll

Filesize
253KB

MD5
4ba8fb11e53d0b36857a708d2cf39eff

SHA1
38f4da554a5012ec4ff07d6cf9df50cd4c71a8fc

SHA256
f69d454249d90ff15c71beb3408a752f90917427e5bb4e2051770fd9d08d5ccc

SHA512
f6eb541573e1ec963ed8658910048b1aaafd64f4b0e4b9c4c4954a25a48bfe2325ad64fa8dce0d6162228cf638afffbb7912c5e9e1fb93e92f6031341c41a9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Widgets.dll

Filesize
186KB

MD5
cc2d1768d9ec08dcc6b5765c88ce5868

SHA1
a9e9ef5e2244ca15c114c561b0c17c41fed566b0

SHA256
d604f3fbc205d0cf488f8d1a2d514c13590891735884710c914e14df4b27ff14

SHA512
936afa4e2564be92aa740a299a6cd983347d41ad1a81f8d239cd28df02986197b9ffb4f627b2cfbfc66d9304fa402e253257afd2b16832577b881882a8d348ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5WinExtras.dll

Filesize
199KB

MD5
e94c89df4aab6ecc5c4be4d670245c0a

SHA1
4d6c31556dbdbee561805557c25747f012392b65

SHA256
8bc10ab2b66a07632121deb93b3b8045b5029e918babc2ee2908a29decdab333

SHA512
3f42f9eadc0cbebc8e99ee63761aadb7851572b3600197514febd638455b34ee9075d4ec36eae82b2786877f06ebfade73735e3c9d3232fcbb66bed55b96595e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri

Filesize
4KB

MD5
7473be9c7899f2a2da99d09c596b2d6d

SHA1
0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac

SHA256
e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3

SHA512
a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.DLL

Filesize
170KB

MD5
27db1a537033823b32c64f2a3974e027

SHA1
6dfdc8d4e3524e4dc4c2cd5f96b73b739f201edd

SHA256
12fb95a3ca8da4d5874d387de9783d4e3191b97aa1aa832ef4e59f1bc0bcefeb

SHA512
16855d7e4b7413a86792fbd0cd745da1c5629d03b1a3aa867b3045b2864670e45e0c0aa4bbede6deb6b41af1894ae7e298f77830a62181c5fd1df890e6340bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll

Filesize
241KB

MD5
6281f5ccedce63342446be05dbbdeaa2

SHA1
6e923d4f54a179876cff32c05f0fdd8c08dfed8c

SHA256
757e709657ecb8135ed01d83d2357a2f4509455024922c43ea1b5d65a7ca0881

SHA512
1a547d29c228111fdd77b8231c2bed514539671949b1d7de6996ba9a5fd879184562d304c04fae0ba64ecd2df2a614b8e7a8faf2e1dfaeb1920a95ecad79624d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll

Filesize
251KB

MD5
a8f79351178f73ad33e44fa0bf87b1a8

SHA1
25ec64a74056f1d521aec7fea0bf76113ee62755

SHA256
017cedd2cf7025e4858c54028b6e6fd828dcfc5c15dbac5298b03c8a682796bc

SHA512
0bb0a265a64f691fd746b2ac506ecbe2db7ecad8351c75a2a59c433dab3511d6b3d0f7d4ee6f9d56acff37894a4ab2f6a9a8e77cd1a0e92d6640bc46c757de15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WnsClientApi.dll

Filesize
217KB

MD5
57d130dc868cd54feed9a191bdd8e665

SHA1
998954ce53cc8adcd1fc82431edecd3b7591bf42

SHA256
8cd3ecd82c58defcb5c7d97a16a7b161b183356916465085575593e332bfe537

SHA512
ef55d902edd27af49e257925d31001dc4f6535bbb504450230ff5cbf873efb923906b3b76e2addf37736211376a61ab6a4ac4028607eaf5819a16061abf6e034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll

Filesize
248KB

MD5
5d663901cada7b958237cb5a59887c49

SHA1
aa1c40af18676c0385c860b2802950f29734bd51

SHA256
25f2fa844935e7fbd724227dac2696cbf56fca9ca9576b54e8c7bbe0d5df785e

SHA512
db469863a85e51649d20c72c2551739a05e738f5558a23fea0442015d00a306230666e3dbebf18c247b9facd3d9a03e66e120f02739477067456ba314848bbe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\libcrypto-1_1.dll

Filesize
362KB

MD5
7eb8d3c98bde63843486c9cd9bb0cab3

SHA1
2a1fc8d73f52a4e8325b5b74ccf8d4d8502fbed1

SHA256
94a7026a88055b09256ccd8c550123407fe73faa19eb97655bcb64865ca33e1f

SHA512
e5501b543b1b876fa3622a6db9419ae4641bfd13a3e49f86e56855408fae875fd971aec218129657f0f3dc1bafd8a5d6e3930933453be74dc35691b4d42a18ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\libssl-1_1.dll

Filesize
14KB

MD5
14ca297dd19c7ef945890cdfb687a113

SHA1
fd5a028eb3b23a5cc46d8ce267165d3804312f9a

SHA256
af734aeb88f9c05568708e94ad19e157c68e68d4bbb30c97690eb5bb87b31b55

SHA512
7ef9d248c5b039040f9ebcf91e0f7fc1eabcaa2675dc3f4cdfae78fd28f88230e6d3da6faf9153dd4dd8942ff903939f3995532e1f5d5f41442dc06a5b5aca48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll

Filesize
225KB

MD5
df9dddc58e9c99496e2048adb42c42e8

SHA1
f8bdee30614d6612394e96ffbad35ffdd12a8943

SHA256
b237b124258d6171f113a4202595ef2a4a15375764eaf46d93f09e8b1419637c

SHA512
7f5912d00edeb154fff47d433046ae5970dbdb7d6ebf6973b29ed36809fb450be16e5dd4b047da7498391c17b07a3475d0e877e19494d81b37b7ffa028bf5f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Filesize
98KB

MD5
550456c5c0d66baf2ca74e68cd675042

SHA1
4e02e30fd5bc1a9b3b99c686abcfb040c8a6c927

SHA256
db766a6fecc6e647b6915092d639341b68c75a890a472fbce45ada2c058eb6f2

SHA512
b77ff6699fb9cc729211eb21b1e8727a898157dfa9199218684fa35c228980d1b96b204817d6fcfb3c65352ead7d80641190e6b3c50456dd28c7262f33c388b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

Filesize
1.9MB

MD5
26c5a7abbfb56e6f1df160f96876c2d5

SHA1
d4d84505d42e026299399043198590c2fa002e40

SHA256
365fb4f7276f460e9ef22b614ad302043dcdbfe73502b8782db3ff805c44e393

SHA512
c2b22512a852545c657cc9eca6a0cf98d202edf7ffec7c4ab66a30d7fd3c5a56f2740fd2e6aae3749ed609e449d90c11e3bc55f6e403799e11695f3f62fb58fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

Filesize
1.6MB

MD5
cd513f59037ee89c96897b2cd3c92f9b

SHA1
100a05a23a5074c9088993ef90360a675f257081

SHA256
be9f709acc7e52ebad34c3cef584c8aa0e982770857b1a259af3c1edb7ad4585

SHA512
e408806b4aaa4f4f80159c658f1ac169a2e3b96dc86f6a76b14e3d5e9568d75f1b6c394e7dfc3bc9a553d1556a122e6fd92a695b5327668965104473418a3c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

Filesize
292KB

MD5
4cac811d10dc4b58517757f5db931384

SHA1
773e954acd000fbe85fcc9c705ef6fb58af470ac

SHA256
6aca9ecdd36ca839527d91474995e705c9ed5d67d6825aeb9a88688d953a3e62

SHA512
e281af3f9380f122e5d95cc4976204611b28295e2f6c0525cbdaf8f418fc7195ca8b8a540a4162bc69a13737525213bbf8226133b6c1347c75bcf364c0047d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

Filesize
38B

MD5
cc04d6015cd4395c9b980b280254156e

SHA1
87b176f1330dc08d4ffabe3f7e77da4121c8e749

SHA256
884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e

SHA512
d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

Filesize
108B

MD5
14c444328e28f7df12ea9139ed00d1dd

SHA1
422134114365c76a2d78a425f302922b9cc85a29

SHA256
350fec608ec2ad817b25858941481c525f37f4e0fd73aed6544f3db979182018

SHA512
addd6e740c4e3d9adc7b2e847126da070415d0d1b391fce518114f0aab4e037c3ff6fe679b190840bf9001d1993939dbb5a172ae211d5a1bf46d8ebe884d0f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini

Filesize
77B

MD5
4af2b6584877e1f4dd0e45d227219fe3

SHA1
8a9b6c6b74a531e4bf34e5bc9f36f087a3c3b21d

SHA256
d3f1e10b61fae49f5c25eb2c0a5d113e5c69698005a3d0584093b21531334066

SHA512
d4ec326127cda933cf7eb1bba392fe150e9636ec33147bb990a4cf563cb2ded11c5c4aaa951f48755ece10a54a9f2978f7b163fc0aae6afea2c2f31ea0676cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\49P0TSSQ\update100[1].xml

Filesize
726B

MD5
53244e542ddf6d280a2b03e28f0646b7

SHA1
d9925f810a95880c92974549deead18d56f19c37

SHA256
36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d

SHA512
4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-396.log

Filesize
470B

MD5
788d539335211243ca79d2a5a9d8b4b7

SHA1
3e0bae2a869bacdbf82652a6234c86501f540eb8

SHA256
26d8c92b7985efcddf0cdd39e6f002e540b5c4fee09940c508f9b0a609c820bd

SHA512
36e7515622048381d0a787dfb04252aee4360f5766f1e24ccafc7b476269f9c8e4bae5b9ae18d109dbc40efcaded4d6fa449b16c046ff8624ba35f2230507045

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF19.tmp

Filesize
1009KB

MD5
f0531ed273c3ae239bc690368bb5fc6f

SHA1
0d4b3ca90ac56aedfbe9651b1cf0adb4c1d96e9d

SHA256
89be19f2dd4415d78ea1ce7ab99b7f5b021b6d975c818b73e3465741ae863380

SHA512
73c07ddcf961532ada090ab47f745abb1a21aa6cd0ae5037fecab9446382045e141cc7684b397b921ccb1a6ddc09dcc6f2fab49b7fb92a3839f4e87333d4a0bd

Download Submit
\??\c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe

Filesize
1.9MB

MD5
638763e45fffeee494d0f645a0da2b63

SHA1
293e7930144651a3be8a6144ae355614746b645f

SHA256
d96b3bd7113c8f939efe03a71b37883c12a4d6da11dfce067c9973d9329a5d25

SHA512
9e2ab836005e8bad7b57a4d8e0c4575fdc1c04fdf0a5fd54b59b4a1164ae0867e9873184eba7ef4cc7bbbd77cd51daec0ec6746bdde398f068c31cc367595afb

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll

Filesize
245KB

MD5
a6cd6582aa6f723c23c4adcc2f4753d1

SHA1
a3311b125b78f904806b64eda1b2fbf9b3da429c

SHA256
ebfb95fe7a075ffc8365e1ea9529a5547a8e9e4149fadcc960f39cccf7f93a0b

SHA512
58f07d76638df631769537c23816bdc66e94f61f56840f811c5ee66a12159213f278e22ef12f11782c93d50d2308820f19c6f4f56389808ff72e5d26149cd004

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll

Filesize
201KB

MD5
d7b19f561da91d520ca553384e72aa00

SHA1
0dba1d15abd78b4aedf95db5e94b9d2376f3c07d

SHA256
ab4cc2588c4aefd31651336e91b0e74cc11c59f3beb51e62fe2af4218f2b183d

SHA512
099b5a75e7a212a32567d58184c68dc36e65ac55e2e4f7fb108ab5f29fb4a627b35688a7b15fdc8c4073df4092f3f24d3ebcf3acecaaf4d487f21d995ae8807a

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncTelemetryExtensions.dll

Filesize
52KB

MD5
9d8c4ec85a32643de38ab932de9041b8

SHA1
1ff0dd3c3a88b1236278ac19db8d17380e15b1ea

SHA256
67942d3fcc90e73dd765b650c7ba93a7aa0cd1b80d1d6d87c8702c87ef6c562c

SHA512
d59fe1f459e0b4380348bd4b580591f43a4dc76fbae1e29618276025350b95d584687b19b13eafa3f1bf840090a8d02682a7bf551a621ceae26065608dae8101

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll

Filesize
178KB

MD5
0cad6d2e3c172fb4c4a879a1db020abd

SHA1
6234872422f46234367878b05c1b684b1487de0d

SHA256
770a32c5284fffc6bfb70e6f514a803c29068e2c256437ad41249955084e3767

SHA512
f06dd3c05d66c9f5df8f681f3373019b35e0c5ec823fce96092475c9e213b5cda00a1ec044b23aef6271cc6f56863d86196a548994581dde9cf629f851c3f415

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll

Filesize
86KB

MD5
fc2b0570a5f6953dd36e38424942a66d

SHA1
7afc295409935086d706374cdbd19fe00b24c325

SHA256
e2e9c6b02695886d4c3e7735731ea75581a2727ef22b18ba9c819b7416918c0a

SHA512
6e6df8f5b3944c5b7d6af9891a6d50b8fb36e7065aea7482b1e12ef9d9138e69b10dd2ccf1868385b96eb29c0703f905b325f2a09958925abea3b38ecc2f3774

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.dll

Filesize
226KB

MD5
355c40d0de514ed3f36921bb7f217cd9

SHA1
1463a9b1b37f013bdc7cef732d28690c0219a19f

SHA256
a6c1a49d8b34ddc4cb4a33235a3dd7fbf63961ffb5529a209812e299129fe273

SHA512
c6f8c06b6a2fb09f93989c0213d378b4a1f5826f51e350e9e52a051ecb168082bbf4d367072427a71ebf4fb9365b50fae525847d6502837d55b47778f292e3b9

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.dll

Filesize
227KB

MD5
2d1e26dd44747a775cb9a33305d1c643

SHA1
f126437f4fc5e6c1a31b46e4308e1b732dd210ff

SHA256
427374e00b930361ae7a91b36d76041373e49e580f9fc9898f7fd61ccae3c37e

SHA512
4e795fc34cebf7c16ba5b4580fb862afa0639b1e1beca6534bd99b12fba31dc94d7233eb2f627f91eeeabc9b1b7f3a74dd3e95fb377946e335d470565a546654

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll

Filesize
241KB

MD5
e27c9c50a3ba9d89b5ced81280193bd9

SHA1
aed210dfac61f42fbdf522d722209e27075ff514

SHA256
5162ff4bb90754bc588c74e2f18fec31cd918339f6ee22e2b5649f03228dec0a

SHA512
5db63db6b52a47ba12bbe7ccad0378b7cb80f77e9be9d02934dc0fe4ddc2810ae404c0735e3ce3b155ff24a384a659798b149cb4396ac9c1c28da6fabc9bb0ac

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll

Filesize
188KB

MD5
37fdc47ed771b8f6a2fec1c9d8602423

SHA1
a2b9770fc4d3aeb65f6b654e9f7913b8d055da5e

SHA256
38ae3f91d3e26327cf19a443c6a46f09b59d82b7d97e7f19a043108098ed8b9d

SHA512
553eafdc46e430ca51da03452c063576ac155ac9410abcc98407e27bc83fa1792b54e69a37b34cf9886b64a4e19c0aeb83c562f0d0337aa7f2121f37b9e390f5

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Network.dll

Filesize
31KB

MD5
9ad3dbb4018b0bfee052ef28b957bfd8

SHA1
c2c3448c49137e51bf208e8a67d4133a8f442299

SHA256
8d432df71b427dc49c89486ff83cdf9db5fbc583a62bd0605bdc074bb5f3767b

SHA512
12dcdd18ee416a3e55c27144c38fd7bb8f01a47310f2e9dc288540a1fc8b1315daeb8a556bdcf41b9ddb3f72ca19e6690a9acf15b07b25d5c99b1817686803c4

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll

Filesize
141KB

MD5
e151f48254ebb3062631aed39c2aa147

SHA1
e6503323f616d046be1b63aec755005bb9790a80

SHA256
ae4938be3d0dd43671c1dacebf189f71b0cbf2b11470cfa20759345f332a9936

SHA512
9a126103cee5f8872eca8b17ccefb3a06860984ba6a5a951855b763a4edb8d05dc7e72bf9e90e9a568aa8f14e731c7db4847cf50ec2170e8594b1571f9435cac

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5QmlModels.dll

Filesize
26KB

MD5
d12dda20e1bb286e9f8788d0174ff294

SHA1
6f924a4ea065da3f406c3f5b7b9c2e893763661a

SHA256
83cffd6bdec2398c8cfffe2f2cc6b9d5f00e8fd0bf54a70366532273c1b520b6

SHA512
48a588658b672add17ccfcd4b6aad18691853c27e0111378aa33fe4db18630285eb73da07aeed15a545853b1f6325e37df57c9e6ac574bff20b217fb57902458

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll

Filesize
94KB

MD5
d104127e0a77d81457e7778709fdd903

SHA1
20d4f8573a60f1ac1a8e71ed0d5ae4243e69f6f2

SHA256
4d8c71c97247860bc014a87a565885deee465d85ba15c8c0316151a19a9de8c0

SHA512
2b957e94bec6a3dbeb49b01d4edf81d7c0be387dd746592dfb4ac6df23d974cff3dd8fff28e255d690d6fa6315e7b174cb1de9396f772e44abfbec560da08a7c

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Widgets.dll

Filesize
148KB

MD5
3df2eabde6ef6488e6d77cd0e4320b92

SHA1
38109fc2355221518b72c6f27dbee2794d13d1f9

SHA256
86293ee7598f55ecfe98eace81b2dfea157143afc2bdfecc76f780e062ddc105

SHA512
2a1c1ee92fdb5fd6c5cee248a3aa511517346fd2592db434b57dde49fc79bed8efdeaea2992cc16de71cd2bfb23f8fc52d656152aed1cb920b79820f0ad7635e

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5WinExtras.dll

Filesize
14KB

MD5
7dc1288277a4294a2fded74bce99f47e

SHA1
720584d0d85ade9b715e550dd8f50af87a14cb3e

SHA256
e59a93092da31b106186c098a8d3078639700981bc454c2b4c163cff68ec18fb

SHA512
8c29af8a412398b4b1d57e1a71bb4500be1f8ab4ea231ef2a94467e49f65a7b1a8331ee07ca5fb919bed238a739cfc24f786447c85ce3d0c08c730d2ceb5c9bc

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.dll

Filesize
205KB

MD5
236dca33c5309b7686827581755c9038

SHA1
ea7986fe568c9f01d6d487e4bda142f491fb8079

SHA256
553dcdbba5be201184d20685361b115e3693524e403a559e9a7d66b4833d3a49

SHA512
4181161500ebbc3dfa8193990b59dc5f9ec20c424311a21ca35a6dcdbc48bcb22802326ac4adf1b56ce7cd82526f3be0e70f5da1aef281d4fdc17f5f9b9487bc

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll

Filesize
123KB

MD5
8e820d9ccda6688e9fc11d11668f533f

SHA1
fc9620794f8979ec8fd99a8182c49b60929646fc

SHA256
62f1140ee9ce3c19b4a5a821db8b0d3daf3a1bb7743e03454297ec42d76b0ef4

SHA512
dac01d451d25e02d49c05f7de76ca5a8ada35b50c0f9a953420f68fd0de7800e4915d5a8adeb514488eac6c5f9fa862d6375607de65e945581b841abe3fe892e

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll

Filesize
241KB

MD5
288d0d00fd6da490cbc2bd7b8a60c894

SHA1
affa4ad38a5476fafe7a52b64a4b4f6fe6c33ef2

SHA256
67bdea76ace1b4f66358800f98867148f3b5e41407da0d5b3437bb2c0f27b104

SHA512
8dda841148a65b63c9100779fed872a3042f80efa4409359f494fc21ce61ac9f3559d6aa0b2138e2e5cb402eb2421872f57617ac5d5caca7740d3430e8415bef

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll

Filesize
168KB

MD5
caa8256594815913dc819cf3153a2717

SHA1
c8868fe6f699973191477e57a095ab30c894bce0

SHA256
5c7d49117e7802f2474f6ac1797b74bb5b45d3b584d292831b60f450742fb130

SHA512
9c59de6da13ae34899879541d7428303859242755f50002c14826112e6650b802bf5c0f416d4d0fb8b7a0aaa8b75cebf7e3aca19a9826173005c8865f04c0aa8

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll

Filesize
162KB

MD5
1df781a7d3fb2ee9b5db7a37da4ebac5

SHA1
f252b6fc383eb8ef12924ee8326a42109d68d4a0

SHA256
4c91cd008cd7562be98caec1da6fc1836f6a43870a7c04777edc00b7c7e21c81

SHA512
d26889f9f52faf16e7ba2f11d5a695ebcff35189b06f3e7bbaa6c9a39b5c325b89e69c2be8f18371611b8f0e29604fe043db3f205cc5b452dc6b1a39706547f7

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WebView2Loader.dll

Filesize
107KB

MD5
925531f12a2f4a687598e7a4643d2faa

SHA1
26ca3ee178a50d23a09754adf362e02739bc1c39

SHA256
41a13ba97534c7f321f3f29ef1650bd445bd3490153a2bb2d57e0fbc70d339c1

SHA512
221934308658f0270e8a6ed89c9b164efb3516b2cc877216adb3fbd1dd5b793a3189afe1f6e2a7ef4b6106e988210eeb325b6aa78685e68964202e049516c984

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WnsClientApi.dll

Filesize
256KB

MD5
b8449bbf84c8df42d0fd886429898794

SHA1
216e25baa64689762db10c0257a960e229655bf6

SHA256
1c1f9f6911a5dedbfe0f1d7d3c4fbb6702ae94b3bda13c7e1471ebd3491316f7

SHA512
d9f35ea93cd7058d200481359c62cc31303f5d5a3b3b10de512be4a742953440fe97d5a2d161b940077cbaf593e8b2a867c98622ca34b7f41c0bb9e20741c2cd

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll

Filesize
257KB

MD5
09cd18104b601daa8a873661ecbc4062

SHA1
9bb7139dbb67dc7d0500cfaf140a168a422fb217

SHA256
1c4b71bcb3476f273ee40c96314ea7bea01fdaf5132269f26a42ce94e59629ba

SHA512
bf3cc588b7bab1be017196ec9e2e40badee93c122d315f2988a81fc389d395f09125c72479b61748c45eb97b0bbb7e7a6504a05923a404078bd5a4b5bf76afa4

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\libcrypto-1_1.dll

Filesize
156KB

MD5
3e53d1d71bc7d79419abc54512c04a75

SHA1
79efeed05a3660071ca48fa1e7083ad38605004d

SHA256
dfadc79e04e7af0364b54f27d5814f96c28c08cf759b512167efa99610684b26

SHA512
50c24ac7591c493ca0e91c72880d65a412400fdd0ff05fa9fb15c7747717795bb27329bd80fffb2ffb83f3a816f9769231279fb8c5b14c5cf6f5ea36f6befb33

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\msvcp140.dll

Filesize
124KB

MD5
38e37b77a1c795ef56f7608b6937acb9

SHA1
c739ae64a8bdedc204e00063fcf62cb5cd67a565

SHA256
f08b4480c33d7df7eddb672a675d02cadf9f0555132153fc01eb7b199431ae94

SHA512
0c84029c4992967c903eb9de0c8585d7038e4ff116cbcf1754a74e8d35eb9bdbcdd5a26ba698fea31ef44abf0c9e9258fc0e149890358c4e9c9c29f6a86f6a92

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\msvcp140.dll

Filesize
303KB

MD5
0c01e3fdad496f1a4f243fa4d3cd1159

SHA1
afee28e3ac806056d361adf2ea822e5ec4e36ab6

SHA256
0655a5daff1795396dcc04cd54b7eff7ffbc9d044f72a94eb5eaec67e3d8f355

SHA512
cf34eef1b65c74a019356f25e37b39c5bb270c2e96ccafe39c05d2cc5bac0147a26279dc8bc07ef886f7e272636a849f626183326944eadadc300d8bf7869cf0

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll

Filesize
344KB

MD5
76f18844466be4e15a3ea3e1fde2bceb

SHA1
105ff587a3ccae409d0155c35ea728c2ecb40cb8

SHA256
c143a6be07588b74f159d8708641a73cc6b36929b5a855d56ca1bd4a30a4adf5

SHA512
c848beea23ae5b3cb49a6165573bee81a6a215b26e5ef906040b219bbdaf69939304cc927c1d93e4be9c2aa0be6efe397a2cf1ad32c4d3f5a9df43d5f48e5d69

Download Submit
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\vcruntime140.dll

Filesize
73KB

MD5
cefcd5d1f068c4265c3976a4621543d4

SHA1
4d874d6d6fa19e0476a229917c01e7c1dd5ceacd

SHA256
c79241aec5e35cba91563c3b33ed413ce42309f5145f25dc92caf9c82a753817

SHA512
d934c43f1bd47c5900457642b3cbdcd43643115cd3e78b244f3a28fee5eea373e65b6e1cb764e356839090ce4a7a85d74f2b7631c48741d88cf44c9703114ec9

Download Submit
memory/3012-16-0x00000000086C0000-0x0000000008710000-memory.dmp

Filesize
320KB

Download
memory/3012-6-0x0000000006EF0000-0x00000000073EE000-memory.dmp

Filesize
5.0MB

Download
memory/3012-15-0x0000000007F30000-0x0000000007F96000-memory.dmp

Filesize
408KB

Download
memory/3012-21-0x0000000073560000-0x0000000073C4E000-memory.dmp

Filesize
6.9MB

Download
memory/3012-17-0x0000000008830000-0x00000000089F2000-memory.dmp

Filesize
1.8MB

Download
memory/3012-1-0x0000000000520000-0x000000000055C000-memory.dmp

Filesize
240KB

Download
memory/3012-13-0x00000000076B0000-0x00000000076EE000-memory.dmp

Filesize
248KB

Download
memory/3012-12-0x0000000007690000-0x00000000076A2000-memory.dmp

Filesize
72KB

Download
memory/3012-10-0x0000000007920000-0x0000000007F26000-memory.dmp

Filesize
6.0MB

Download
memory/3012-11-0x0000000007580000-0x000000000768A000-memory.dmp

Filesize
1.0MB

Download
memory/3012-9-0x0000000002490000-0x000000000249A000-memory.dmp

Filesize
40KB

Download
memory/3012-8-0x0000000007570000-0x0000000007580000-memory.dmp

Filesize
64KB

Download
memory/3012-7-0x0000000004AC0000-0x0000000004B52000-memory.dmp

Filesize
584KB

Download
memory/3012-14-0x0000000007750000-0x000000000779B000-memory.dmp

Filesize
300KB

Download
memory/3012-5-0x0000000073560000-0x0000000073C4E000-memory.dmp

Filesize
6.9MB

Download
memory/3012-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/3012-18-0x0000000008A20000-0x0000000008F4C000-memory.dmp

Filesize
5.2MB

Download
memory/4788-955-0x00000000080D0000-0x00000000080E0000-memory.dmp

Filesize
64KB

Download