Analysis Overview
SHA256
94c0a9f4adcb87a5705f7ad0776b27ee6471131f21fadad162de21590669f649
Threat Level: Known bad
The file soan_2_2.zip was found to be: Known bad.
Malicious Activity Summary
Crealstealer family
An infostealer written in Python and packaged with PyInstaller.
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
Modifies system executable filetype association
Executes dropped EXE
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks system information in the registry
Unsigned PE
Detects Pyinstaller
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Enumerates processes with tasklist
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-02 16:06
Signatures
Crealstealer family
An infostealer written in Python and packaged with PyInstaller.
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-02 16:06
Reported
2024-02-02 16:27
Platform
win10-20231215-en
Max time kernel
346s
Max time network
866s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Registers COM server for autorun
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies registry class
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\WOW6432Node\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ = "IFileSyncClient8" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\ProgID\ = "OOBERequestHandler.OOBERequestHandler.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer\CLSID\ = "{AB807329-7324-431B-8B36-DBD581F56E0B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1\CLSID\ = "{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\TypeLib\ = "{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_CLASSES\WOW6432NODE\INTERFACE\{DA82E55E-FA2F-45B3-AEC3-E7294106EF52}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ = "ISyncItemPathCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\ = "FileSyncLibrary 1.0 Type Library" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_CLASSES\WOW6432NODE\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\soan_2_2.zip
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
/updateInstalled /background
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.194.113.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\libcrypto-1_1.dll
| MD5 | ae5fc2a07155537c32ec59f4d9363a5a |
| SHA1 | e0b6ebabef14f6c4d0883dcae7f413a58696b1e4 |
| SHA256 | ee08d7ae594a350aa07176347f5fbd63d83e2daaa63591f54f51322663915dcf |
| SHA512 | 6e9664e405817c303fa9cbd1532efae61e909931dae9352e163afef3ebc2813703af3c08e9fce1695b60b86ae14c2d0377c65fef972ce6e73b38a5441a6b4068 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.dll
| MD5 | 9c65a8f2e87723a79868b4791425cef6 |
| SHA1 | 2d9757521a7e7d20598d535983300bc5df889bb7 |
| SHA256 | 689ba41e3dd6eab9a3231cda590f788d506bbcdbbdd81ec576142568ee7cee02 |
| SHA512 | 9a430ecca89441a99e38629045b823f7b5f6c7f1c9c77c21001ed8d9818bba8d7c3a05e931c234cfe548f88d2a11af4eaf3ae637f5d7f175f29111fef8a8f22d |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll
| MD5 | 6e4a6473125f394a6c5995263c3964e2 |
| SHA1 | 77496f0960c64e14dd773611925bea64743b42b5 |
| SHA256 | 63b25ef67d9431e0a7e019cf2f511a856f50e54316e95c3c0d95f4dab5893192 |
| SHA512 | 861587108542e1c85a1647abc9b9b1706e267c29cc6184306bc466298864f9c933decd383f61fec53f59cfc641ad010434a2f0fb15e0e1d06aba098397d1d735 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Widgets.dll
| MD5 | 178ba831938b21e1db955107b47e59dd |
| SHA1 | a744af3157fce0a319a590c89f5e1037eac52392 |
| SHA256 | 5f87116b6724276fa9c3b43e778287b177fd47c7d20bcfc4691be8d8c5dae618 |
| SHA512 | c14b6a7d22e0a1214212b765e88b6b1b3213f9509976dd6aa3432aeb1778c5858e59e57d04d4f78923a1e99d97de359c00e0f534a86aa1f03428a4ed349e3215 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll
| MD5 | 9fd3090cfe1d877e5bc9b9aefa767a84 |
| SHA1 | a8baf0f66e4f7255926d639d658873a49670409b |
| SHA256 | 874cbec08ad1317e0807f8f687862817bf62bb35ea0474f2fb6d8fbabc78f59d |
| SHA512 | 710d79ef4a2b06a1fc879453a4daf652f6397df9ebd3642f1769504f95178cac868cbbbe9d0c4b400d27bc53c748ca728d7af73182b82b0bd95827764ebb5f68 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Gui.dll
| MD5 | 1b4904f5759ddcb635d7a7d60b56f0bb |
| SHA1 | 867e33a510d21a62164619e9a330bc9792d20e5d |
| SHA256 | 4aae3c5d258e409e31424f2f81ba35c0dc2288f3b92fd559f24d14f781efe312 |
| SHA512 | a4d09f24391b6b68f0b83d8d266d8ac79a4efa1bb04a5ba0bbcb1a08346c8af2b0db07be9a9783a59cf042b43f6e966ba96b9817c40e384ee26038586e44769b |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll
| MD5 | bf600ecd2e4c5494bee85f47db6a6947 |
| SHA1 | e5118f7ed60d50054cc322ed66aba18bccb2e7ad |
| SHA256 | c3e8947861c8c6d11237cbe818d1011574c7e0f6025059674b3934b5ff67c02a |
| SHA512 | 3503ad52a0f7dfa0ee034706f74a9ebe14a636ea4912c7c059632028f0fbd5f0add0857ffe9e1cbd5e1e04f09136965ccaa5b841bfaf17a8cce98ce630542905 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll
| MD5 | 0c5faa41f289ef8f5f756ff8f046e88a |
| SHA1 | 8e7ae9e51587c114d84e1d19a8da3d823a8553ea |
| SHA256 | 38341dade9a7ddabbc2ea3c2c953e2df97c1c7f7ced0f3fd646a7406798c98ca |
| SHA512 | e3cb820b8ab258e02f8650861a82f9a260dd62711ab496bfcf50ec3760fcb94aaa51baa840f53ce3759e8838489aeabb9ad323d183edae813405784839be86f4 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WebView2Loader.dll
| MD5 | 925531f12a2f4a687598e7a4643d2faa |
| SHA1 | 26ca3ee178a50d23a09754adf362e02739bc1c39 |
| SHA256 | 41a13ba97534c7f321f3f29ef1650bd445bd3490153a2bb2d57e0fbc70d339c1 |
| SHA512 | 221934308658f0270e8a6ed89c9b164efb3516b2cc877216adb3fbd1dd5b793a3189afe1f6e2a7ef4b6106e988210eeb325b6aa78685e68964202e049516c984 |
memory/4668-922-0x0000000007440000-0x0000000007450000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll
| MD5 | 707962c1a61647b4b08431273861d0f2 |
| SHA1 | 8ee307a3dcaa470fda19d5d0d18c5825209a29ac |
| SHA256 | 6bd58bee1d3131010c36eb599a3c1466066f29405a18fd200dfb5a0f8f0184ea |
| SHA512 | 2a780fe87a8272c28ee127fcd7f0d971ca9ba5adcfd6668604d206f08af9f4867877de1480e705334ecdeec3504b81d93c731416dbf42b047b949a39001d379d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll
| MD5 | 3b1cf13280e7c25222e94c5d1a7ee0aa |
| SHA1 | bd055113c6cb1ccd99b0e08b99576b1df2d24f9b |
| SHA256 | cc7f22665780d728e15440b84be943e8ad11a45eb919bb5d615a04c84bd93005 |
| SHA512 | fb26cec892a5cb2868bb20f877b2c4b60482b09fd5531e9c431a5c4b49be94d66cf4f9181f55ffa0d83b422ce44fe7c7eec366502642c4764d31cc5ba9543949 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll
| MD5 | 6cb3209ab281794c1074c70658d26c05 |
| SHA1 | e82444088e808d0c40149c3cb3fab620c91b10b1 |
| SHA256 | f9d39c05207bbc1ba05b861fcd3775368f9f5ce7c59dce2f7b082265543413a1 |
| SHA512 | 17eabb80c0a79b0fd86e7311037378ef7cc5395105481b628a94532925a556dd0cabefe975acd5e0e324b3ebbdd35249afd462a1718b077b02e2a0865eb184a3 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll
| MD5 | 612732ab8e3cb9c871676b09c54f4c04 |
| SHA1 | 1845981b41048bcde51c279eddda2dfd893a2b66 |
| SHA256 | f3a0e33bc04e9daca63ab13d32d86ebbd928411435956b80f12a43fa43dd3777 |
| SHA512 | 797682c6ba8a03de62d73dcf5391d98ee50151373dea80bf3fd48b2cf7713d3a03c408a66a8ab86e604f98cde755d4b70056283907bfb66d3f4a6e909f111a1c |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll
| MD5 | fbe918886d4441024d1e4c3abe4d47d6 |
| SHA1 | 5d1179ee0500738a45bbeead033d7e4cf074a762 |
| SHA256 | 21744585b39d3fcd9c609a5033c8bfcb28e9b85a99ebfd0f63a29b96ffd29558 |
| SHA512 | 749ee68e1705c6b2e08b4c358ec9172a9c83d5c652b5f6661a3c3fc461618d3cd38336a0b18b1b65bc7ad5e400e437e8a427ca5cb5a40b00ef615aa34dff9742 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll
| MD5 | db1bfbbbbda00ff890efc71fd07d6e45 |
| SHA1 | 0381cc823d7a9e77567e38eb9107c7bc9163c352 |
| SHA256 | 824c0983fa04c3423a2a1a927d2f6f703ad33246e1714da5cfa33a03a7a682e3 |
| SHA512 | 6aca9e7c1278c8375998caf9af655dde2d50999ba716a44100b48be1b7bf0616624a5cf14488c3749fc6ab89e04d3799ebf1945aa62a2fe07e5148b9f3c6cf28 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll
| MD5 | 629973d5ea9c30f27b2c8483a216f33e |
| SHA1 | 398134a8a7c9277ce9c7598ea08b7f54115b2593 |
| SHA256 | 1c6ae99f7f911bdc193d03a170b8fb55307ac3f1dbdda56e2dc750d53c4cea3d |
| SHA512 | 8323992e9d0b6c01d9549561e64374acba73e9c6d26809c55ca891141c66fa7d544c93b1e276f06faa437df573bf1245b629d3ceed26ef01d171baa932f5ca65 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll
| MD5 | 8bd0fbb813d49b92f1c4be5768419680 |
| SHA1 | 150626f8f398abb74b5e211743772df1715eb3ff |
| SHA256 | e12c58d67cf8cbbe015f3547a12a670cf4783b21d9dd83c32b5b648933393e09 |
| SHA512 | 37c3b46b971446d1439de63dcde60778e8031ce19c835b85398643c366653fe2f1f36568f329332893ae59aebba7df7335cc25e440c0af59020aa73a4b0c5cac |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.DLL
| MD5 | 376fd5564a1fbec0d35770d44776d302 |
| SHA1 | 4e0b8cc7e9ea558af533e87b2efc35d6452aec7f |
| SHA256 | 5bf2c642848ce90eaf86fc62f8f6ecc091efbb7259e76ca920485a13e6f2226b |
| SHA512 | bbed306609957f73ce544acfd90ea3c0d222165f51aeaa3d62ae481971f256b5de39a6838d5f47e87a26abeef317713556e76a0d546f791c5859de6d761ee8aa |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll
| MD5 | 2661c6ef205c37e71cb857f3f0d3bc50 |
| SHA1 | 9101bfdcc28279e7e8991173ecf17611875c26bc |
| SHA256 | 345843b6e037806b7d65d9ddfa4627d27e6819d90852bfe0bd78928e8fae21e4 |
| SHA512 | 6eb2a720a269d94dfb8b8ac93ec67d44514903bcc383f55df1264a715e9cb960899f8744967569b766e9364061502181cebc42e55265da12bbd610af87da5aa1 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll
| MD5 | b0b3ae926067d8b446cc6c4045800c78 |
| SHA1 | b07754ade85b2df97b2f3edcaa41d815c61ffcd0 |
| SHA256 | 08c1f65ec08dbe23bd3c5d7c7647e8d2845b44525ef8b31a613a18a9ef3f54ac |
| SHA512 | 109e86709a530711c0b87d534880ad3d3880d2aa7428f05ab53ed47a4ecc5aaaa64c4c6df2fd9bbb53f0fb63f58517fcc3a7b4e1fdd79230363f64d6257737b8 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll
| MD5 | 27ae78b27d6aaa1b7cf0c7070744d93a |
| SHA1 | f290c98ee9d7ea6bd8fa81bdc57d1012ed8b84b7 |
| SHA256 | 6c1b8ad74a217158e76f8e83039b2e31f4abb7034edec98d52f4499a8ca3f0b0 |
| SHA512 | bbc1ac592bd8e13796e3773c58c19b9b6a2827ab6a7ce58b1a8be4c9cefc5124ddad1e592cc2279cf5748f591a944a39d66dbff42863e1e857324525bc10ad2e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll
| MD5 | b57dba19902cb89091d30ebb8d868b48 |
| SHA1 | 7e847f460e77a68dd0e92be14d28c7a2687fbb3a |
| SHA256 | f27f84eb494b0d5e95cf50c48d2992edc2dc7544517489e5c58a9eaca5826a69 |
| SHA512 | 735ec1e951db8269c64b8cfd876d545ae6c4ed92557ad0f69ac0c1f42738d843fe222e932ff98f65414e840721e5974beb9aec24255648f82bc99b85f00b5976 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll
| MD5 | 6c2fdecab5e7e0280216ac6113c8003a |
| SHA1 | 459596e3c332d9d049549fe961d69c4198c04e50 |
| SHA256 | c46a22b8acc1d260393cbe2787c79dc7083128da7b9a5663b5633916746b2375 |
| SHA512 | 516730780154f608999238fafc38eddbc0dd0a6e556acf0bb1de92208e8a9463f7ed0b19197e544f784790f47df69b565fbc660861fb558a98b07f3df00aa019 |
C:\Users\Admin\AppData\Local\Temp\aria-debug-4364.log
| MD5 | 5ec2118ed6c8d372cc70fab0bb53640e |
| SHA1 | 2d9067f190cecd138fbdf0ceb72277d6aed2e34e |
| SHA256 | 60e2e547444537c6bcde78a804cf1e093e90b5d0b2403101ff5e1a02ef55ad4a |
| SHA512 | 2923909d2019a406873f3df17612f5af4d1bb0b2ebbf53a5085716f890f786fa13754f2a851364e1d8f95202cf2b9f1cd2d3a38ab769f5a47a148111f2c89c2a |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncTelemetryExtensions.dll
| MD5 | 51b6038293549c2858b4395ca5c0376e |
| SHA1 | 93bf452a6a750b52653812201a909c6bc1f19fa3 |
| SHA256 | a742c9e35d824b592b3d9daf15efb3d4a28b420533ddf35a1669a5b77a00bb75 |
| SHA512 | b8cfdab124ee424b1b099ff73d0a6c6f4fd0bf56c8715f7f26dbe39628a2453cd63d5e346dbf901fcbfb951dfbd726b288466ff32297498e63dea53289388c0c |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll
| MD5 | 3746c2c72a58bf183672be6ea3e3dc31 |
| SHA1 | c57fd2a247d0758fda967a41e579ba84a7cb0d44 |
| SHA256 | e8a68344b28dba140d5a9abbe484a64bc7d19a78bd379712c1a8d50b7da31add |
| SHA512 | bd57e93bf1dd57bc64dfbb8ab6c058273d9f40b6f0344cb2b95e4f5469f7320af2c5766045f85a6a2516229454678ae6a6ca1115971b2f84ea49a9cfa2859977 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\msvcp140.dll
| MD5 | bde86ac2d1455f3c47d1d1e1db852774 |
| SHA1 | b0e6eca9a5e00b82ac3e0f6b23985d5f6b8e6c88 |
| SHA256 | f5657d39e2b8439f7e300c2b8919ca29d54391a32aef9a7ef5ea75ab3c488259 |
| SHA512 | b6192bb7ec76fc5348dcebdfeb23ae29c9511f7b3b8865caebeda0c231b66d8f060cb611fd7befc334a30fb97dd343c12929ef3e4267f35ae122fd99e6bb947e |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.dll
| MD5 | 8431f7fc6cf6db39833970cd0ec17a8e |
| SHA1 | 114427e606f60d7ad881dbf75ef072ab4a195eda |
| SHA256 | 14cd2f88e5bbd70b159b7ef604df909518fbed96482c5a3b0849390e588863f5 |
| SHA512 | 4004ae942a73d35cb40da2826b4a383d290510ad15bed5dc380e331bd910826c3f463a03caa3ccee8daaca7e11b2ee6a026c4f299c27d3fa2c3a1414200dc822 |
\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll
| MD5 | a6713645adef83490f5b9116e2ffcccf |
| SHA1 | 91d18966536ff3116e2e3452a40d32436d7b11dc |
| SHA256 | a64e0ab682a1e28adcf8cef887bff0e760b4cd154bdbe5f05b8e5bda0dca5dd7 |
| SHA512 | 54a1967fb2a16aa7c5183de9ccd49855d97bc6f5acc96ba65e64ddbd5c9a737805d117ee4aae5ed4cbf37348191eb5c9c41dcd9c3c1ad084445812e009af080d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll
| MD5 | 7df46a79d331cae63c9ae3fb160b6436 |
| SHA1 | 5cf6d0659bc5ff7b381c2aa5b8d083597b324e51 |
| SHA256 | acddc90d451ea1afec61e9e944643245c9e73f8acdb39f2d5d7b59e045a9a881 |
| SHA512 | fb2b3bba3732e53d91ffb4a0eac5b82be89a6dfc7003d26a33aead6595ed6c846a9cfb055e45b90e1790106663ba2aa7f843e01c5f84624bfee3f079c213f2f5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | fb7cd856b973b459f24b4d6f4610f6e3 |
| SHA1 | 3562739447b8180c18cb08446dcfb6a1ef4af3ba |
| SHA256 | 2ef829b0ba1c935cbb52fe8135239228762bab87c3c03ecf2b87183a7e4eb7ee |
| SHA512 | 2c8e11883d23b3f8c1fc045cff974da2b1435147ece66d21f1e562659a3bf8ad0dfd817507d87229c8c6ff8bc5db180fe34c893ab0690d55b4aa42604e90d952 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png
| MD5 | a23c55ae34e1b8d81aa34514ea792540 |
| SHA1 | 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf |
| SHA256 | 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd |
| SHA512 | 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png
| MD5 | d03b7edafe4cb7889418f28af439c9c1 |
| SHA1 | 16822a2ab6a15dda520f28472f6eeddb27f81178 |
| SHA256 | a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665 |
| SHA512 | 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png
| MD5 | 57a6876000151c4303f99e9a05ab4265 |
| SHA1 | 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794 |
| SHA256 | 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4 |
| SHA512 | c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
| MD5 | adbbeb01272c8d8b14977481108400d6 |
| SHA1 | 1cc6868eec36764b249de193f0ce44787ba9dd45 |
| SHA256 | 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85 |
| SHA512 | c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
| MD5 | f1c75409c9a1b823e846cc746903e12c |
| SHA1 | f0e1f0cf35369544d88d8a2785570f55f6024779 |
| SHA256 | fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6 |
| SHA512 | ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
| MD5 | de5ba8348a73164c66750f70f4b59663 |
| SHA1 | 1d7a04b74bd36ecac2f5dae6921465fc27812fec |
| SHA256 | a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73 |
| SHA512 | 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
| MD5 | 8347d6f79f819fcf91e0c9d3791d6861 |
| SHA1 | 5591cf408f0adaa3b86a5a30b0112863ec3d6d28 |
| SHA256 | e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750 |
| SHA512 | 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
| MD5 | 19876b66df75a2c358c37be528f76991 |
| SHA1 | 181cab3db89f416f343bae9699bf868920240c8b |
| SHA256 | a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425 |
| SHA512 | 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
| MD5 | e01cdbbd97eebc41c63a280f65db28e9 |
| SHA1 | 1c2657880dd1ea10caf86bd08312cd832a967be1 |
| SHA256 | 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f |
| SHA512 | ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
| MD5 | 771bc7583fe704745a763cd3f46d75d2 |
| SHA1 | e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752 |
| SHA256 | 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d |
| SHA512 | 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
| MD5 | b83ac69831fd735d5f3811cc214c7c43 |
| SHA1 | 5b549067fdd64dcb425b88fabe1b1ca46a9a8124 |
| SHA256 | cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185 |
| SHA512 | 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
| MD5 | 72747c27b2f2a08700ece584c576af89 |
| SHA1 | 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33 |
| SHA256 | 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b |
| SHA512 | 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini
| MD5 | dc40d33c727dfd5f7e9229a9309cf88b |
| SHA1 | ead643df404f280834d484f3275b309e098caec1 |
| SHA256 | 66cab68b94d4e3c8807bab2ff22660b6a79209c601f9fa47a5079ed158c2a75f |
| SHA512 | 5c2ee34bef85eb7fd6e2eb719a035a9ba97aa133703518da5423e40a0320ff0a576df3876fbad30ad3f58800f4963fe466ffd58ec238f5754b158306d0f56974 |
memory/4668-958-0x0000000007440000-0x0000000007450000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-02 16:06
Reported
2024-02-02 16:28
Platform
win10-20231215-en
Max time kernel
1060s
Max time network
1067s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soan.exe | C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3032 wrote to memory of 4856 | N/A | C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe | C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe |
| PID 4856 wrote to memory of 1740 | N/A | C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe | C:\Windows\system32\cmd.exe |
| PID 1740 wrote to memory of 4256 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\tasklist.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe
"C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe"
C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe
"C:\Users\Admin\AppData\Local\Temp\soan2\soan.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 173.231.16.76:443 | api.ipify.org | tcp |
| US | 173.231.16.76:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | geolocation-db.com | udp |
| US | 8.8.8.8:53 | 33.66.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.16.231.173.in-addr.arpa | udp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 8.8.8.8:53 | 253.102.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| FR | 51.178.66.33:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 8.8.8.8:53 | 233.10.175.136.in-addr.arpa | udp |
| US | 173.231.16.76:443 | api.ipify.org | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 173.231.16.76:443 | api.ipify.org | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI30322\ucrtbase.dll
| MD5 | 0e0bac3d1dcc1833eae4e3e4cf83c4ef |
| SHA1 | 4189f4459c54e69c6d3155a82524bda7549a75a6 |
| SHA256 | 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae |
| SHA512 | a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\python312.dll
| MD5 | 48ebfefa21b480a9b0dbfc3364e1d066 |
| SHA1 | b44a3a9b8c585b30897ddc2e4249dfcfd07b700a |
| SHA256 | 0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2 |
| SHA512 | 4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\base_library.zip
| MD5 | ccee0ea5ba04aa4fcb1d5a19e976b54f |
| SHA1 | f7a31b2223f1579da1418f8bfe679ad5cb8a58f5 |
| SHA256 | eeb7f0b3e56b03454868411d5f62f23c1832c27270cee551b9ca7d9d10106b29 |
| SHA512 | 4f29ac5df211fef941bd953c2d34cb0c769fb78475494746cb584790d9497c02be35322b0c8f5c14fe88d4dd722733eda12496db7a1200224a014043f7d59166 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_ctypes.pyd
| MD5 | 452305c8c5fda12f082834c3120db10a |
| SHA1 | 9bab7b3fd85b3c0f2bedc3c5adb68b2579daa6e7 |
| SHA256 | 543ce9d6dc3693362271a2c6e7d7fc07ad75327e0b0322301dd29886467b0b0e |
| SHA512 | 3d52afdbc8da74262475abc8f81415a0c368be70dbf5b2bd87c9c29ca3d14c44770a5b8b2e7c082f3ece0fd2ba1f98348a04b106a48d479fa6bd062712be8f7c |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\python3.DLL
| MD5 | 4038af0427bce296ca8f3e98591e0723 |
| SHA1 | b2975225721959d87996454d049e6d878994cbf2 |
| SHA256 | a5bb3eb6fdfd23e0d8b2e4bccd6016290c013389e06daae6cb83964fa69e2a4f |
| SHA512 | db762442c6355512625b36f112eca6923875d10aaf6476d79dc6f6ffc9114e8c7757ac91dbcd1fb00014122bc7f656115160cf5d62fa7fa1ba70bc71346c1ad3 |
\Users\Admin\AppData\Local\Temp\_MEI30322\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
\Users\Admin\AppData\Local\Temp\_MEI30322\_bz2.pyd
| MD5 | 90f58f625a6655f80c35532a087a0319 |
| SHA1 | d4a7834201bd796dc786b0eb923f8ec5d60f719b |
| SHA256 | bd8621fcc901fa1de3961d93184f61ea71068c436794af2a4449738ccf949946 |
| SHA512 | b5bb1ecc195700ad7bea5b025503edd3770b1f845f9beee4b067235c4e63496d6e0b19bdd2a42a1b6591d1131a2dc9f627b2ae8036e294300bb6983ecd644dc8 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_lzma.pyd
| MD5 | cf8de1137f36141afd9ff7c52a3264ee |
| SHA1 | afde95a1d7a545d913387624ef48c60f23cf4a3f |
| SHA256 | 22d10e2d6ad3e3ed3c49eb79ab69a81aaa9d16aeca7f948da2fe80877f106c16 |
| SHA512 | 821985ff5bc421bd16b2fa5f77f1f4bf8472d0d1564bc5768e4dbe866ec52865a98356bb3ef23a380058acd0a25cd5a40a1e0dae479f15863e48c4482c89a03f |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 6ea31229d13a2a4b723d446f4242425b |
| SHA1 | 036e888b35281e73b89da1b0807ea8e89b139791 |
| SHA256 | 8eccaba9321df69182ee3fdb8fc7d0e7615ae9ad3b8ca53806ed47f4867395ae |
| SHA512 | fa834e0e54f65d9a42ad1f4fb1086d26edfa182c069b81cff514feb13cfcb7cb5876508f1289efbc2d413b1047d20bab93ced3e5830bf4a6bb85468decd87cb6 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_asyncio.pyd
| MD5 | 70fb0b118ac9fd3292dde530e1d789b8 |
| SHA1 | 4adc8d81e74fc04bce64baf4f6147078eefbab33 |
| SHA256 | f8305023f6ad81ddc7124b311e500a58914b05a9b072bf9a6d079ea0f6257793 |
| SHA512 | 1ab72ea9f96c6153b9b5d82b01354381b04b93b7d58c0b54a441b6a748c81cccd2fc27bb3b10350ab376ff5ada9d83af67cce17e21ccbf25722baf1f2aef3c98 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\unicodedata.pyd
| MD5 | fc47b9e23ddf2c128e3569a622868dbe |
| SHA1 | 2814643b70847b496cbda990f6442d8ff4f0cb09 |
| SHA256 | 2a50d629895a05b10a262acf333e7a4a31db5cb035b70d14d1a4be1c3e27d309 |
| SHA512 | 7c08683820498fdff5f1703db4ad94ad15f2aa877d044eddc4b54d90e7dc162f48b22828cd577c9bb1b56f7c11f777f9785a9da1867bf8c0f2b6e75dc57c3f53 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\sqlite3.dll
| MD5 | 31cd2695493e9b0669d7361d92d46d94 |
| SHA1 | 19c1bc5c3856665eca5390a2f9cd59b564c0139b |
| SHA256 | 17d547994008f1626be2877497912687cb3ebd9a407396804310fd12c85aead4 |
| SHA512 | 9dd8d1b900999e8cea91f3d5f3f72d510f9cc28d7c6768a4046a9d2aa9e78a6ace1248ec9574f5f6e53a6f1bdbfdf153d9bf73dba05788625b03398716c87e1c |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\select.pyd
| MD5 | e1604afe8244e1ce4c316c64ea3aa173 |
| SHA1 | 99704d2c0fa2687997381b65ff3b1b7194220a73 |
| SHA256 | 74cca85600e7c17ea6532b54842e26d3cae9181287cdf5a4a3c50af4dab785e5 |
| SHA512 | 7bf35b1a9da9f1660f238c2959b3693b7d9d2da40cf42c6f9eba2164b73047340d0adff8995049a2fe14e149eba05a5974eee153badd9e8450f961207f0b3d42 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\pyexpat.pyd
| MD5 | e2d1c738d6d24a6dd86247d105318576 |
| SHA1 | 384198f20724e4ede9e7b68e2d50883c664eee49 |
| SHA256 | cdc09fbae2f103196215facd50d108be3eff60c8ee5795dcc80bf57a0f120cdf |
| SHA512 | 3f9cb64b4456438dea82a0638e977f233faf0a08433f01ca87ba65c7e80b0680b0ec3009fa146f02ae1fdcc56271a66d99855d222e77b59a1713caf952a807da |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libssl-3.dll
| MD5 | bfc834bb2310ddf01be9ad9cff7c2a41 |
| SHA1 | fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c |
| SHA256 | 41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1 |
| SHA512 | 6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libcrypto-3.dll
| MD5 | 51e8a5281c2092e45d8c97fbdbf39560 |
| SHA1 | c499c810ed83aaadce3b267807e593ec6b121211 |
| SHA256 | 2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a |
| SHA512 | 98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 9a3b4e5b18a946d6954f61673576fa11 |
| SHA1 | 74206258cfd864f08e26ea3081d66297221b1d52 |
| SHA256 | ce74a264803d3e5761ed2c364e2196ac1b391cb24029af24aee8ef537ec68738 |
| SHA512 | da21178f2e7f4b15c28ae7cb0cc5891eaa3bdd0192042965861c729839983c7dcba9cfb96930b52dbe8a592b4713aa40762e54d846b8135456a09ae5bacbb727 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 82e6d4ff7887b58206199e6e4be0feaf |
| SHA1 | 943e42c95562682c99a7ed3058ea734e118b0c44 |
| SHA256 | fb425bf6d7eb8202acd10f3fbd5d878ab045502b6c928ebf39e691e2b1961454 |
| SHA512 | ff774295c68bfa6b3c00a1e05251396406dee1927c16d4e99f4514c15ae674fd7ac5cadfe9bfffef764209c94048b107e70ac7614f6a8db453a9ce03a3db12e0 |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-string-l1-1-0.dll
| MD5 | cf115db7dcf92a69cb4fd6e2ae42fed5 |
| SHA1 | b39aa5eca6be3f90b71dc37a5ecf286e3ddca09a |
| SHA256 | eb8fe2778c54213aa2cc14ab8cec89ebd062e18b3e24968aca57e1f344588e74 |
| SHA512 | 8abd2754171c90bbd37ca8dfc3db6edaf57ccdd9bc4ce82aef702a5ce8bc9e36b593dc863d9a2abd3b713a2f0693b04e52867b51cd578977a4a9fde175dba97a |
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-process-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-util-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-synch-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-memory-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-interlocked-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-handle-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-file-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-debug-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-datetime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30322\api-ms-win-core-console-l1-1-0.dll