Analysis Overview
SHA256
5360426ae21b378b66e5cc46eadb132d6040f5ff79c4baf18f0a488c5ead672c
Threat Level: Likely malicious
The file main.exe was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Drops file in Drivers directory
Reads user/profile data of web browsers
Drops startup file
Executes dropped EXE
Modifies system executable filetype association
Registers COM server for autorun
Checks computer location settings
Loads dropped DLL
Drops desktop.ini file(s)
Checks whether UAC is enabled
Looks up external IP address via web service
Checks installed software on the system
Adds Run key to start application
Modifies termsrv.dll
Checks system information in the registry
Detected potential entity reuse from brand google.
Drops autorun.inf file
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies system certificate store
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks processor information in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-02-18 15:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-18 15:45
Reported
2024-02-18 15:48
Platform
win7-20231215-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-18 15:45
Reported
2024-02-18 16:03
Platform
win10v2004-20231215-en
Max time kernel
715s
Max time network
865s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\drivers\ja-JP\wfplwfs.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\usbport.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\it-IT\USBXHCI.SYS.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\ja-JP\sermouse.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\sisraid4.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UcmUcsiCx.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\parport.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\EhStorTcgDrv.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\http.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\isapnp.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\it-IT\wdf01000.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\PosCx.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\adp80xx.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\en-US\afd.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\kbdclass.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\sfloppy.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\EhStorPwdDrv.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\en-US\kbdclass.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\qwavedrv.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\it-IT\rfxvmt.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\ntfs.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\terminpt.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\SensorsCx.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\rdvgkmd.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\scsiport.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\udfs.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\mspclock.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\it-IT\NdisImPlatform.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\AcpiDev.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\sdstor.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\it-IT\usbport.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\ja-JP\dumpsd.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\refsv1.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\kbdclass.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\mslldp.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\luafv.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\mshidumdf.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\tpm.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\de-DE\hidscanner.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\it-IT\hidscanner.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\IPMIDRV.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\it-IT\isapnp.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\ja-JP\usbstor.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\ja-JP\volmgr.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\ataport.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\PktMon.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\qwavedrv.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\fr-FR\wacompen.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\es-ES\UsbccidDriver.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\usbdr.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\cldflt.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\de-DE\hidbth.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\es-ES\acpi.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\hdaudbus.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\UMDF\SMCCx.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\en-US\vhdmp.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\lsi_sas.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\drivers\mspqm.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\es-ES\wfplwfs.sys.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\iaLPSSi_I2C.sys | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\wintrust.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\wintrust.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileCoAuthLib64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\Temp\GUMBCD2.tmp\GoogleUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\Temp\GUM8D12.tmp\GoogleUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Google\Temp\GUME94C.tmp\GoogleUpdate.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Public\Libraries\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Fonts\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files (x86)\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\3D Objects\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Public\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Public\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Web\Wallpaper\Theme2\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\$Recycle.Bin\S-1-5-21-635608581-3370340891-292606865-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Web\Wallpaper\Theme1\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Detected potential entity reuse from brand google.
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File created | C:\Windows\BitLockerDiscoveryVolumeContents\autorun.inf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\de-DE\dimsroam.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\es-ES\bcastdvruserservice.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\hid.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\es-ES\hgcpl.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\p2pnetsh.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\C_20278.NLS | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-PrintToPDFServices-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.cat | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\vaultsvc.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\wbem\AutoRecover\D8A32838B23AD6809B3B7858DA93D26B.mof | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\fr-FR\odbcconf.exe.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\it-IT\SmsRouterSvc.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\BdeHdCfgLib.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\oleaccrc.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\wbem\AutoRecover\517ED769F6478117021531216F609C27.mof | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\wbem\AutoRecover\C7AD207ED7993A4809373AC7E5784F42.mof | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\wbem\it-IT\WMIPICMP.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-HypervisorPlatform-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\SyncInfrastructureps.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PersistentMemory\PmemDisk.ps1xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\it-IT\autopilotdiag.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_ar6320_3p0_NFA344A_power1213_DE_P87G.bin | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\downlevel\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\en-US\NfcRadioMedia.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\wmitomi.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\D3D12Core.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\BackgroundTransferHost.exe | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPWGR-pipelineconfig.xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\es-ES\odbcad32.exe.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\wbem\msfeeds.mof | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-AppServer-Client-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\es-ES\XInput1_4.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\accessibilitycpl.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\ulib.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-ppdlic.xrm-ms | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\wbem\AutoRecover\2A2AB14E79261C4C2272F4B50901244C.mof | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PAW-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\agentactivationruntime.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\en-US\dskquoui.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\en-US\cngcredui.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\es-ES\ICacls.exe.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\it-IT\IPNATHLPCLIENT.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\mrinfo.exe.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\en-US\wmiprop.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\vfwwdm32.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\MicrosoftAccountWAMExtension.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\fr-FR\msmpeg2enc.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_cac08af12caec647\c_1394.inf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\DriverStore\ja-JP\nete1e3e.inf_loc | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\nshipsec.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\es-ES\twinui.pcshell.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\ja-JP\wecutil.exe.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-msmq-dcomproxy-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\DriverStore\de-DE\hdaudbus.inf_loc | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\KnobsCore.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\SettingsHandlers_Region.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\de-DE\Windows.Devices.Custom.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\wbem\wsp_sr.mof | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\ja-jp\ShutdownUX.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\netjoin.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SysWOW64\FirewallControlPanel.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppServerClient-OptGroup-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.cat | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\System32\dmenterprisediagnostics.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Modifies termsrv.dll
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\termsrv.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\MSFT_PackageManagementSource.schema.mfl | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\odffilt.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\mfc140u.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\SegXbox2.ttf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\es-es\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-150.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Fur.jpg | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-125_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-32_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-400.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_share_18.svg | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\vk_swiftshader_icd.json | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\msointl30_winrt.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker29.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-400.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Mail.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail2x.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationCore.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\LargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-60_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\BreakAndContinue.Tests.ps1 | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ja-jp\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Close2x.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Google.scale-250.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarWideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\saext.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\PresentationCore.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinTranslator.xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\ms.pak | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_nl.json | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_2x.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-200.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\1px.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\WideTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.targetsize-256.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1851_20x20x32.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\ug.pak | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-125.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\arialbd.ttf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\ImmersiveControlPanel\images\TinyTile.contrast-black.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\System.Runtime.Remoting.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\aspnet_regsql.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\ja-JP\ICM.adml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Fonts\modern.fon | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\de\SMDiagnostics.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\ja-JP\CEIPEnable.adml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Cursors\aero_pen.cur | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.IsolatedStorage.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\v4.0_10.0.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\ja-JP\EventLogging.adml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\nca.admx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Media\Windows Information Bar.wav | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\DE\System.Transactions.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\es\system.data.sqlxml.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1036\dv_aspnetmmc.chm | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ManageAppSettings.aspx.de.resx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\WinInit.admx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ja\Microsoft.Activities.Build.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\fr-FR\Camera.adml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ES\System.Web.Mobile.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0410\mscorsecr.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ja\System.Configuration.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-60_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\INF\c_cashdrawer.inf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\GlobalResources.de.resx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.NetTcp.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\INF\netvwifimp.inf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ErrorPages\http_gen.htm | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxManifest.xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Boot\Resources\de-DE\bootres.dll.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\System.Activities.DurableInstancing.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\TouchInput.admx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Fonts\GlobalSansSerif.CompositeFont | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\de\sysglobl.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\System.ComponentModel.DataAnnotations.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\napinit.resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\napinit.Resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\square150x150logo.scale-200_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\JA\mscorrc.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\de\CustomMarshalers.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Resources\Themes\aero\de-DE\aero.msstyles.mui | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.UI.Shell\Images\Icon_MMXresume.contrast-white_scale-400.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\NearShare.contrast-black_scale-400.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles\manageSingleRole.aspx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PLA\Rules\en-US\Rules.System.Wireless.xml | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrormfnotfound.html | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\PolicyDefinitions\SkyDrive.admx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp.aspx.ja.resx | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\fr\System.Net.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\normnfkc.nlp | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SecurityAuditPoliciesSnapIn.resources\v4.0_10.0.0.0_de_31bf3856ad364e35\SecurityAuditPoliciesSnapIn.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics.Vectors\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Numerics.Vectors.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.resources\v4.0_4.0.0.0_fr_b03f5f7f11d50a3a\System.Web.resources.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Assets\PasswordExpiry.contrast-white_scale-125.png | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Threading.Thread.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\pris\resources.fr-FR.pri | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe.config | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\memoryAnalyzer\snapshotTileView.css | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00430b188362da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d228e40a7820b94dbd5c7b6846f2f5ad000000000200000000001066000000010000200000000d5cdc42c9cc0ec4ecf8f0b5bf3154bcce29b09c9cbe972171268745612b6ab2000000000e8000000002000020000000897c2ec0e82ada8f99608f31f3cc532a26777fe839767d3c07e8f01784ac2371200000005b0e8ae92ba4addad4b7298b1c2d403cfb450c4f9be7f63e17847b7c6560bd2e40000000af118430a4eb23bfbf9e412d01cce881af06a86d86cef44e0adccc61e2cea4cdeefc1bfbe179101af2e4b2e06e152e800172267fb0f61c3bcd7ee9446b34a816 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d228e40a7820b94dbd5c7b6846f2f5ad000000000200000000001066000000010000200000002d70d3498cf01b46d3a998f74407e4859bcdba119b072f171a929b7362002d16000000000e8000000002000020000000fc2b4648de3e79be3ae42b299a0f6806e1cf8bc71f4e7d71c6ebe62f484a7f742000000066c903e77a1a2da6b20324f988347c68fb1c4fcad0194dd0a578e591c1341d9a40000000bdb8600aa087bd17beb83640cdbf532bdb12bd73276849bbab81b735321fe8ad975eb4c68f6de296a7ed99c70f8e0823427aa59db8dd255df62e9a35ce0f2a52 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "277497798" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3BAC8FEA-CE76-11EE-B7F4-52EF8B93895E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "279073931" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3BACB6FA-CE76-11EE-B7F4-52EF8B93895E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31089283" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "277497798" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
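The tables above mix two kinds of rows: the file-drop events under C:\Program Files and C:\Windows, which the Process column attributes to main.exe, and the SCSI, processor, BIOS and Internet Explorer registry events, which the Process column attributes to taskmgr.exe, OneDrive.exe, OneDriveSetup.exe and iexplore.exe rather than to the sample. The script below is an added example, not part of this report or of the sandbox that produced it: it parses rows in the report's own `| Description | Indicator | Process | Target |` layout, counts each process's writes under the protected roots, flags mass writers, and lists which processes other than the sample account for the remaining rows. The sample rows are constructed by copying a handful of lines from the tables above; the protected-root list, the `threshold` of 5 (chosen to fit the tiny sample; a real report would use a far larger value) and the convention of matching processes by executable basename are assumptions of this example.

```python
"""Added example: parse sandbox-report table rows and attribute behaviour per process."""
from collections import Counter, defaultdict

# Constructed sample: rows copied from the report tables above, plus one
# column-header row and one signature heading to show that both are skipped.
SAMPLE_ROWS = r"""
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Fonts\arialbd.ttf | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\ug.pak | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

# Assumed list of roots where a non-installer process should not be mass-writing.
PROTECTED_ROOTS = {r"c:\windows", r"c:\program files", r"c:\program files (x86)"}
FILE_WRITE_ACTIONS = {"File created", "File opened for modification"}


def parse_rows(text):
    """Return one dict per table row; headings and the column-header row are skipped.

    Cells are split on '|', which is safe for the rows in this report because
    no indicator or process path contains that character.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # signature headings and other non-table text
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue  # column-header row or malformed line
        action, indicator, process, target = cells
        rows.append({"action": action, "indicator": indicator,
                     "process": process, "target": target})
    return rows


def basename(path):
    """Executable name from a Windows path, lower-cased for matching."""
    return path.rsplit("\\", 1)[-1].lower()


def path_root(path):
    """First two components of a Windows path, e.g. 'C:\\Program Files (x86)'."""
    parts = path.split("\\")
    return "\\".join(parts[:2]) if len(parts) >= 2 else path


def file_writes_by_process(rows):
    """Map process basename -> Counter of path roots it created or modified files under."""
    out = defaultdict(Counter)
    for r in rows:
        if r["action"] in FILE_WRITE_ACTIONS:
            out[basename(r["process"])][path_root(r["indicator"])] += 1
    return out


def mass_writers(rows, threshold):
    """Processes whose writes under PROTECTED_ROOTS reach the given threshold."""
    flagged = {}
    for proc, roots in file_writes_by_process(rows).items():
        n = sum(c for root, c in roots.items() if root.lower() in PROTECTED_ROOTS)
        if n >= threshold:
            flagged[proc] = n
    return flagged


def actions_by_process(rows):
    """Map process basename -> Counter of action types it performed."""
    out = defaultdict(Counter)
    for r in rows:
        out[basename(r["process"])][r["action"]] += 1
    return out


def attributed_to(rows, sample="main.exe"):
    """Rows whose Process column is the submitted sample."""
    return [r for r in rows if basename(r["process"]) == sample.lower()]


def other_processes(rows, sample="main.exe"):
    """Sorted names of processes other than the sample that appear in the rows."""
    return sorted({basename(r["process"]) for r in rows} - {sample.lower()})


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("mass writers:", mass_writers(rows, threshold=5))
    print("rows attributed to sample:", len(attributed_to(rows)))
    print("other processes in the rows:", other_processes(rows))
    for proc, acts in actions_by_process(rows).items():
        print(f"  {proc}: {dict(acts)}")
```

Separating rows by the Process column before reading the signature headings keeps a "Modifies Internet Explorer settings" or "Checks SCSI registry key(s)" hit from being charged to the sample when every row under it names a different executable; the per-root write counts are what substantiate the "Drops file in Program Files directory" and "Drops file in Windows directory" signatures for main.exe.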
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\INTERFACE\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\ = "IGetSelectiveSyncInformationCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ = "IItemActivityCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ = "IContentProvider" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\ = "IMapLibraryCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\ = "FileSyncEx" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ = "IAlbumMetadataCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ = "ILoginCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\TypeLib\{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}\1.0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\ = "IFileSyncClient6" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\mssharepointclient\shell\open | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\Programmable\ | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\ProgID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\INTERFACE\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ = "ISyncItemPathCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\TYPELIB\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{0f872661-c863-47a4-863f-c065c182858a}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\ = "SharedOverlayHandler Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\WOW6432NODE\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\INPROCSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{0f872661-c863-47a4-863f-c065c182858a}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ = "IGetSyncStatusCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\FileSyncClient.FileSyncClient\CLSID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\ = "ICreateLibraryCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_CLASSES\SYNCENGINESTORAGEPROVIDERHANDLERPROXY.SYNCENGINESTORAGEPROVIDERHANDLERPROXY.1\CLSID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ = "IGetItemPropertiesCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
/updateInstalled /background
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\WatchNew.mhtml
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa31ef46f8,0x7ffa31ef4708,0x7ffa31ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1348 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SplitConvertFrom.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa31ef46f8,0x7ffa31ef4708,0x7ffa31ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,514427019442126749,15572506840347247358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0e851af6bf3d41a883bde61ccfc92b8a /t 584 /p 1104
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe" -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7e13f283hdc1eh46b7h877ch0de424072da5
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa31ef46f8,0x7ffa31ef4708,0x7ffa31ef4718
C:\Program Files (x86)\Google\Temp\GUMBCD2.tmp\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Temp\GUMBCD2.tmp\GoogleUpdate.exe" -Embedding "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={77AAE3B2-03D2-A7AB-5FD5-70B5E1DD59B6}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6750946927464371657,9502482841939242624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6750946927464371657,9502482841939242624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6750946927464371657,9502482841939242624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /url:"odopen://launch/?scenarioId=27&accounttype=personal"
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc96ad11fhaa4eh4e7bhb86bh334fe62da974
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa31ef46f8,0x7ffa31ef4708,0x7ffa31ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,16818483499212393018,18166979946248133939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,16818483499212393018,18166979946248133939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,16818483499212393018,18166979946248133939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResizeSubmit.rm"
C:\Program Files (x86)\Google\Temp\GUM8D12.tmp\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Temp\GUM8D12.tmp\GoogleUpdate.exe" --started-from-file "C:\Users\Admin\Desktop\ResizeSubmit.rm" "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={77AAE3B2-03D2-A7AB-5FD5-70B5E1DD59B6}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/support/installer/?hl=&product=&error=0x80040c01&extra_code=0&guver=1.3.36.372&m=0&os=10.0.19041.1288&sp=&iid=&brand=&source=gethelp
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/support/installer/?hl=&product=&error=0x80040c01&extra_code=0&guver=1.3.36.372&m=0&os=10.0.19041.1288&sp=&iid=&brand=&source=gethelp
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/support/installer/?hl=&product=&error=0x80040c01&extra_code=0&guver=1.3.36.372&m=0&os=10.0.19041.1288&sp=&iid=&brand=&source=gethelp
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/support/installer/?hl=&product=&error=0x80040c01&extra_code=0&guver=1.3.36.372&m=0&os=10.0.19041.1288&sp=&iid=&brand=&source=gethelp
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:496 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4124 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5116 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4556 CREDAT:17410 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe" -Embedding
C:\Program Files (x86)\Google\Temp\GUME94C.tmp\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Temp\GUME94C.tmp\GoogleUpdate.exe" -Embedding "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={77AAE3B2-03D2-A7AB-5FD5-70B5E1DD59B6}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.194.113.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| GB | 142.250.187.206:443 | support.google.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 142.250.187.251:443 | storage.googleapis.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Program Files\7-Zip\7z.dll
| MD5 | 0f195eeb129891db61aa2be4f2a748e8 |
| SHA1 | 671a308dc5ca46fe8e4fa0d6b8b63e064cecfde3 |
| SHA256 | 9b9b746f76b26950795727f9b635c2fe60dbb3213e88cc598d13b6d45ae7f5b3 |
| SHA512 | 71b8ae5fe463c0b7cced5852ff075b12eafc0d261c681050773bd1d4b0a133d432330c266afa53295d098eebca811f649a26753ff9b5116116230c00fb276c1e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json
| MD5 | e516a60bc980095e8d156b1a99ab5eee |
| SHA1 | 238e243ffc12d4e012fd020c9822703109b987f6 |
| SHA256 | 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7 |
| SHA512 | 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\43O0UZKG\update100[2].xml
| MD5 | 53244e542ddf6d280a2b03e28f0646b7 |
| SHA1 | d9925f810a95880c92974549deead18d56f19c37 |
| SHA256 | 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d |
| SHA512 | 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
| MD5 | c0171caf49fc8b699c991ae954459f61 |
| SHA1 | 813d7c4f66a78a146915381dca5b592a37801fd1 |
| SHA256 | 23cfe0158b20cd3ac2414cb4fd8986909396243f49c6ae3be2bc3897eced919b |
| SHA512 | bd095b4f4a8f837c2416c22eae6adb2d7a1226c11eef075bff149bf160fc3130978b627806afe48757114af01d8421acd2fe6a776a3cb348e3ee8ceb55dd0882 |
memory/2832-3609-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3626-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3620-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3696-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3697-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3699-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3700-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3701-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3698-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
memory/2832-3702-0x0000024B1F440000-0x0000024B1F441000-memory.dmp
\??\c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
| MD5 | baf1c107751777e7630a9d2c1865f64b |
| SHA1 | ae2a2954bbdd3800366f860253019a9e5451da4c |
| SHA256 | 5ed8cc967c498f99578e857ec4b2b3ea8254e32f371741543faabd48fdf244bd |
| SHA512 | 176aa32dfaa3f4fb3bde63c50a5607a96a3fa8f056d523c59d2d87e29057ef7d71d49502c0364bc6dc6a2a6fc392f4db6207e2eb3865dc3644b9ef68087fa482 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
| MD5 | ed6171c4a7187c4fb35a2e9d3439ab56 |
| SHA1 | 551f6853dd5e80df3b13de4a58b3edcd4063c6e9 |
| SHA256 | 44c60a46f9de2023af281f2a92b014069a5bf4335fa808d245fdee37487f7e4b |
| SHA512 | 21f980bf0c6b1d3fe5dfeb8aa62712769bb8224714487e6b0cb96226a02646fe3f2bd156ffce16c584ec2413dca9d24f78dbbba9ec48ac592d79fd6e2580b208 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
| MD5 | 55cbf756649757b619e2bac805a52ef5 |
| SHA1 | fe669d17ad26185d057a77ffb55d91fd28d63a7d |
| SHA256 | e52a7c89ce9510ffabe51f155d2c76bd55351cf794fbfdaebb24c7019507fb5e |
| SHA512 | e38f713db47171e0f32f2bca7d702c82e80091542b3b32bdc2768d6f96ed2d95c2fe1e958cdc39a48d83fb637b1a1833d6322d21e0137677bf0df338227bb7ea |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini
| MD5 | 3871ec5da13713758481f173d0a5613b |
| SHA1 | ce240792555155a48b0eb299c5be0a214a375027 |
| SHA256 | 0dec4f64bb0ee066a44a4d1dadc915d651d80b695a97e4c25a644af78ede16e0 |
| SHA512 | 5fbf2af533f2380979e12342d846db35186962273c6c8aa253f1cecf8bf8df1b772c6cd17c683dd6e9aab5e9da35262dbd005c1e0996fe1a7d0ea7ac0e09eda0 |
C:\Users\Admin\AppData\Local\Temp\tmp166C.tmp
| MD5 | a1a92049ed67937e014c6442210325f5 |
| SHA1 | 24b6fa48a6368de672d637c22ff4d1b9331ee4d6 |
| SHA256 | 851da805b98e4ec15ecf7ec5b34677dda4eb20cab38a90930b2cdfdc31f84fa8 |
| SHA512 | b4670ecdede2c3d940121435308f394424d8074898e1f9f82df65584b316ff17986f45db35e094af5174fc3915b200f4283fdbf50a82e23df6fabda50f09d406 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini
| MD5 | cc04d6015cd4395c9b980b280254156e |
| SHA1 | 87b176f1330dc08d4ffabe3f7e77da4121c8e749 |
| SHA256 | 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e |
| SHA512 | d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe
| MD5 | 33c8db06809f01a0dbeb383d070297b2 |
| SHA1 | fad0c6d42cc5df3fac0d2770db1a794c9b4a2519 |
| SHA256 | 856a6a1839c39fbdaff26a58953561b55362351ac0d15bb2a1aa57697451b939 |
| SHA512 | b3b89c2737df4501e904c34c8e9b5418cd95b63d9c81d57fea5a3f9324e4b648c4180e663b236b096057d931fb1ac58a8197fc6b5d226c3262298db97552c867 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
| MD5 | 72747c27b2f2a08700ece584c576af89 |
| SHA1 | 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33 |
| SHA256 | 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b |
| SHA512 | 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
| MD5 | b83ac69831fd735d5f3811cc214c7c43 |
| SHA1 | 5b549067fdd64dcb425b88fabe1b1ca46a9a8124 |
| SHA256 | cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185 |
| SHA512 | 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
| MD5 | 771bc7583fe704745a763cd3f46d75d2 |
| SHA1 | e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752 |
| SHA256 | 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d |
| SHA512 | 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
| MD5 | e01cdbbd97eebc41c63a280f65db28e9 |
| SHA1 | 1c2657880dd1ea10caf86bd08312cd832a967be1 |
| SHA256 | 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f |
| SHA512 | ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png
| MD5 | d03b7edafe4cb7889418f28af439c9c1 |
| SHA1 | 16822a2ab6a15dda520f28472f6eeddb27f81178 |
| SHA256 | a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665 |
| SHA512 | 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png
| MD5 | 57a6876000151c4303f99e9a05ab4265 |
| SHA1 | 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794 |
| SHA256 | 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4 |
| SHA512 | c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png
| MD5 | 09f3f8485e79f57f0a34abd5a67898ca |
| SHA1 | e68ae5685d5442c1b7acc567dc0b1939cad5f41a |
| SHA256 | 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3 |
| SHA512 | 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri
| MD5 | 7473be9c7899f2a2da99d09c596b2d6d |
| SHA1 | 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac |
| SHA256 | e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3 |
| SHA512 | a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe
| MD5 | 9cdabfbf75fd35e615c9f85fedafce8a |
| SHA1 | 57b7fc9bf59cf09a9c19ad0ce0a159746554d682 |
| SHA256 | 969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673 |
| SHA512 | 348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml
| MD5 | 5ae2d05d894d1a55d9a1e4f593c68969 |
| SHA1 | a983584f58d68552e639601538af960a34fa1da7 |
| SHA256 | d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c |
| SHA512 | 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png
| MD5 | 096d0e769212718b8de5237b3427aacc |
| SHA1 | 4b912a0f2192f44824057832d9bb08c1a2c76e72 |
| SHA256 | 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef |
| SHA512 | 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png
| MD5 | d9d00ecb4bb933cdbb0cd1b5d511dcf5 |
| SHA1 | 4e41b1eda56c4ebe5534eb49e826289ebff99dd9 |
| SHA256 | 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89 |
| SHA512 | 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png
| MD5 | ed306d8b1c42995188866a80d6b761de |
| SHA1 | eadc119bec9fad65019909e8229584cd6b7e0a2b |
| SHA256 | 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301 |
| SHA512 | 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png
| MD5 | 1f156044d43913efd88cad6aa6474d73 |
| SHA1 | 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26 |
| SHA256 | 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816 |
| SHA512 | df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
| MD5 | 3c29933ab3beda6803c4b704fba48c53 |
| SHA1 | 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c |
| SHA256 | 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633 |
| SHA512 | 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
| MD5 | 22e17842b11cd1cb17b24aa743a74e67 |
| SHA1 | f230cb9e5a6cb027e6561fabf11a909aa3ba0207 |
| SHA256 | 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42 |
| SHA512 | 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
| MD5 | 552b0304f2e25a1283709ad56c4b1a85 |
| SHA1 | 92a9d0d795852ec45beae1d08f8327d02de8994e |
| SHA256 | 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535 |
| SHA512 | 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
| MD5 | 2c7a9e323a69409f4b13b1c3244074c4 |
| SHA1 | 3c77c1b013691fa3bdff5677c3a31b355d3e2205 |
| SHA256 | 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2 |
| SHA512 | 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
| MD5 | f4e9f958ed6436aef6d16ee6868fa657 |
| SHA1 | b14bc7aaca388f29570825010ebc17ca577b292f |
| SHA256 | 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b |
| SHA512 | cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png
| MD5 | e593676ee86a6183082112df974a4706 |
| SHA1 | c4e91440312dea1f89777c2856cb11e45d95fe55 |
| SHA256 | deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb |
| SHA512 | 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png
| MD5 | 13e6baac125114e87f50c21017b9e010 |
| SHA1 | 561c84f767537d71c901a23a061213cf03b27a58 |
| SHA256 | 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e |
| SHA512 | 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png
| MD5 | a23c55ae34e1b8d81aa34514ea792540 |
| SHA1 | 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf |
| SHA256 | 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd |
| SHA512 | 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
| MD5 | adbbeb01272c8d8b14977481108400d6 |
| SHA1 | 1cc6868eec36764b249de193f0ce44787ba9dd45 |
| SHA256 | 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85 |
| SHA512 | c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
| MD5 | f1c75409c9a1b823e846cc746903e12c |
| SHA1 | f0e1f0cf35369544d88d8a2785570f55f6024779 |
| SHA256 | fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6 |
| SHA512 | ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
| MD5 | de5ba8348a73164c66750f70f4b59663 |
| SHA1 | 1d7a04b74bd36ecac2f5dae6921465fc27812fec |
| SHA256 | a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73 |
| SHA512 | 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
| MD5 | 8347d6f79f819fcf91e0c9d3791d6861 |
| SHA1 | 5591cf408f0adaa3b86a5a30b0112863ec3d6d28 |
| SHA256 | e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750 |
| SHA512 | 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
| MD5 | 19876b66df75a2c358c37be528f76991 |
| SHA1 | 181cab3db89f416f343bae9699bf868920240c8b |
| SHA256 | a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425 |
| SHA512 | 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
| MD5 | 09773d7bb374aeec469367708fcfe442 |
| SHA1 | 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6 |
| SHA256 | 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2 |
| SHA512 | f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
| MD5 | 57bd9bd545af2b0f2ce14a33ca57ece9 |
| SHA1 | 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1 |
| SHA256 | a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf |
| SHA512 | d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.DLL
| MD5 | 4ffef06099812f4f86d1280d69151a3f |
| SHA1 | e5da93b4e0cf14300701a0efbd7caf80b86621c3 |
| SHA256 | d5a538a0a036c602492f9b2b6f85de59924da9ec3ed7a7bbf6ecd0979bee54d3 |
| SHA512 | d667fd0ae46039914f988eb7e407344114944a040468e4ec5a53d562db2c3241737566308d8420bb4f7c89c6ef446a7881b83eaac7daba3271b81754c5c0f34a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll
| MD5 | 50ea1cd5e09e3e2002fadb02d67d8ce6 |
| SHA1 | c4515f089a4615d920971b28833ec739e3c329f3 |
| SHA256 | 414f6f64d463b3eb1e9eb21d9455837c99c7d9097f6bb61bd12c71e8dce62902 |
| SHA512 | 440ededc1389b253f3a31c4f188fda419daf2f58096cf73cad3e72a746bdcde6bde049ce74c1eb521909d700d50fbfddbf802ead190cd54927ea03b5d0ce81b3 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll
| MD5 | 037df27be847ef8ab259be13e98cdd59 |
| SHA1 | d5541dfa2454a5d05c835ec5303c84628f48e7b2 |
| SHA256 | 9fb3abcafd8e8b1deb13ec0f46c87b759a1cb610b2488052ba70e3363f1935ec |
| SHA512 | 7e1a04368ec469e4059172c5b44fd08d4ea3d01df98bfd6d4cc91ac45f381862ecf89fe9c6bedce985a12158d840cd6cfa06ce9d22466fbf6110140465002205 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\vcruntime140.dll
| MD5 | cefcd5d1f068c4265c3976a4621543d4 |
| SHA1 | 4d874d6d6fa19e0476a229917c01e7c1dd5ceacd |
| SHA256 | c79241aec5e35cba91563c3b33ed413ce42309f5145f25dc92caf9c82a753817 |
| SHA512 | d934c43f1bd47c5900457642b3cbdcd43643115cd3e78b244f3a28fee5eea373e65b6e1cb764e356839090ce4a7a85d74f2b7631c48741d88cf44c9703114ec9 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\msvcp140.dll
| MD5 | ce8a66d40621f89c5a639691db3b96b4 |
| SHA1 | b5f26f17ddd08e1ba73c57635c20c56aaa46b435 |
| SHA256 | 545bb4a00b29b4b5d25e16e1d0969e99b4011033ce3d1d7e827abef09dd317e7 |
| SHA512 | 85fc18e75e4c7f26a2c83578356b1947e12ec002510a574da86ad62114f1640128e58a6858603189317c77059c71ac0824f10b6117fa1c83af76ee480d36b671 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
| MD5 | c5446aca206414bcac500cd33abdbf9c |
| SHA1 | 9f7be28fca8e10c645fbc4f73e3253c0912e0f1b |
| SHA256 | d4bb25f46ac176a9467a981031edaf8d52f4d45fd7ddf84ebe20655582d85235 |
| SHA512 | efd57c6697511301959d8a32d1a658047ee6cb10ecbfe53c467ab572bc8f04abf73b6d35c481e6cc64025f16f45bc66da462efa8ffe2590fc36887847e706d7e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | c2938eb5ff932c2540a1514cc82c197c |
| SHA1 | 2d7da1c3bfa4755ba0efec5317260d239cbb51c3 |
| SHA256 | 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665 |
| SHA512 | 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll
| MD5 | 7a333d415adead06a1e1ce5f9b2d5877 |
| SHA1 | 9bd49c3b960b707eb5fc3ed4db1e2041062c59c7 |
| SHA256 | 5ade748445d8da8f22d46ad46f277e1e160f6e946fc51e5ac51b9401ce5daf46 |
| SHA512 | d388cb0d3acc7f1792eadfba519b37161a466a8c1eb95b342464adc71f311165a7f3e938c7f6a251e10f37c9306881ea036742438191226fb9309167786fa59a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll
| MD5 | 6e8ae346e8e0e35c32b6fa7ae1fc48c3 |
| SHA1 | ca0668ddb59e5aa98d9a90eceba90a0ee2fb7869 |
| SHA256 | 146811735589450058048408f05644a93786a293c09ccb8d74420fb87c0a4d56 |
| SHA512 | aa65ef969b1868a54d78a4f697e6edbded31b118f053bbe8a19a599baaf63821dc05f75b2ac87452cb414ab6572b8d9b349093931e64601c47f8ebbb49c431cd |
C:\Users\Admin\AppData\Local\Temp\aria-debug-4016.log
| MD5 | a95c56e6d790b5d4574259ac6db55771 |
| SHA1 | 94043ce3a5b78fe2d77c203c8a8028f7c2495c8c |
| SHA256 | 95057d17ec3b4d46bd8d31a5eee51b9891cf201cab8df100ca434a0acfc3f956 |
| SHA512 | 41ec4753270fdf621c16a196075a73741f6fe80896304626f5d75a837899bbbc1fdd73811090cb464820ad4bb7d2519a3746f1e1961d5fd11a07ec010e3cfa1d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncTelemetryExtensions.dll
| MD5 | 51b6038293549c2858b4395ca5c0376e |
| SHA1 | 93bf452a6a750b52653812201a909c6bc1f19fa3 |
| SHA256 | a742c9e35d824b592b3d9daf15efb3d4a28b420533ddf35a1669a5b77a00bb75 |
| SHA512 | b8cfdab124ee424b1b099ff73d0a6c6f4fd0bf56c8715f7f26dbe39628a2453cd63d5e346dbf901fcbfb951dfbd726b288466ff32297498e63dea53289388c0c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll
| MD5 | 304e005e845946e2f363b02f0d67c91b |
| SHA1 | 4aea239c5ef5c102217d27f36112a4cf646a0ed7 |
| SHA256 | 505be650b95a37c996d7f7159fa44e7477923909c3b39000a126f7793fb8073c |
| SHA512 | 75c57270c77572a2d1b4a7b130515fea22a8bd0d06a61392dd33158de10435e7165b4a50b21dd15c2c2c3faff73172527af900321dfe774d7d9d41b1c9b0d1bb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll
| MD5 | 33fa7e37e065bba4c85c0dbe45113946 |
| SHA1 | bdf96b555cc267eb196c2d5b6721b721171ce248 |
| SHA256 | ce1726148e852d5ad2416a94e88bff80b538af6745a37811e13981e8883e92c3 |
| SHA512 | 862f233dda1f5c6eca5e052f0b96e238cb0b486cc757700360407e47dd416547aaa4c1332bf25fe4104f6042d3565f2647d7cf0cb0365afa06191683c9a7d3bb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.DLL
| MD5 | 05e89ba6b727ad74065866082e5b6a0e |
| SHA1 | f1fae12c1069d0b091113ab66821ff6615b69f75 |
| SHA256 | 13fd67046cdc36c6e70120321661ab4d0fdf9e8e3ac3587ac028d7e4022f2a6f |
| SHA512 | c684b52e09521122ac2e93f2d4e9cdbf796ea08c398d6b4e4de8f1cc3e2d002a8217ba0266b90af049b049d6302b0bfce5e50a294d36b5351d14a2b83b9d248b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll
| MD5 | 5445b0a0c2c33a4d1fc0989ce70879b3 |
| SHA1 | 9a4b6869f016e9ea686076d89063486978ace714 |
| SHA256 | 019625906e928aa1a1a996c9eb0a28e89be6eb142085d7500c3f1fe553cc857f |
| SHA512 | 6f02375ac4f5df20d0651d361e69dc36ac63e643023697039655d58158d6de54c99653a312f0bf7a3b6ec1a736f248f070820c5096ca29013f35103d040be2e9 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll
| MD5 | b605fabeab526d3c8966a686218e1b26 |
| SHA1 | 27df4fc52ccfa7ba34cd8196de47fce8ee17769b |
| SHA256 | eaf4af16690f66952eead8c63fa824f176b8601e2431d4591538e04c4b4ebe9a |
| SHA512 | 97e1bdc332f852d24116c10f3e6910434f9840b2e5f82c3e122070833d682bec2328f62095fff4172a7f528c83b417b674b172bdc238a29b9898b9ac0f44b788 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll
| MD5 | 2a237a7101eff6b67ed509e7ccc97f4b |
| SHA1 | 33dc4312ab9a84a41afaad5532f9dad14bd0841f |
| SHA256 | c91f1e0a240c285a87ab09af78885d01930a197fb05228f351d17829c7299786 |
| SHA512 | f7a8e1bbfaaf19d18382e50e803b1fdf4f961b2353502a28e31d6928225b83d370bf4ea634bb185909153ce8f3767bdeacf30d2afabcddca1c3220814687c09d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WebView2Loader.dll
| MD5 | 925531f12a2f4a687598e7a4643d2faa |
| SHA1 | 26ca3ee178a50d23a09754adf362e02739bc1c39 |
| SHA256 | 41a13ba97534c7f321f3f29ef1650bd445bd3490153a2bb2d57e0fbc70d339c1 |
| SHA512 | 221934308658f0270e8a6ed89c9b164efb3516b2cc877216adb3fbd1dd5b793a3189afe1f6e2a7ef4b6106e988210eeb325b6aa78685e68964202e049516c984 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll
| MD5 | ba5e0482108c822e86184f3591638c0e |
| SHA1 | 2879f0f02b599cac93b7065ff30b59040cc26289 |
| SHA256 | a2f93cd46f06e7ac741418a3339301971cb426d2f6dddf0bb41065809ec74868 |
| SHA512 | 48cdaa14d3418b151c2b8e2f8efa79014ef9261dbf7def8a17ac1ce0b8372bc2e82b4256562c9e253598ceacd3ad34f81d1c81009cd894bb82158d0b2b98765f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\libcrypto-1_1.dll
| MD5 | bc7519ad0af5597b13ebaa5359e0c2ff |
| SHA1 | 4b3bfcdf39afc4fc57e683eb71fa242b3b24fd5a |
| SHA256 | 5a476af8da2615539f97d4d796d6b163bb89772e61bf8f63dae4950845466a85 |
| SHA512 | c3156888df71a18ccae4ff84466456b5b3ef427142cb3a652f7c9f274ae07724e1d8aa20e196d86bc0418bb30e70bcafd6f58ebd0b4a71fd1d1cba643ed92403 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll
| MD5 | ef04e12eff1a8f799c281c46befbd489 |
| SHA1 | 0224878684a60988df982b49e2016dbfdffef19a |
| SHA256 | 87be6255d0405bf1f935ab1ca3a3ae6adcf305a8138f0825981715a0ab56ab28 |
| SHA512 | ef5f7a93edb02772e55c5c44d56fd78b58cbceb3ef387a6b1af76004565f798cc74bd95b55d624dfdf400ec48379dbc99f14d3dbee1d9397d22ed32581484e53 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll
| MD5 | 9e15b04d1009b1d245afc932eefc15a4 |
| SHA1 | a99881bcee4df10d93523af63eb2faf9f8844c97 |
| SHA256 | ed0b34793935e0c24aee47d6624008f1eb0b79a74344d01ae61fc47f3cd48c3e |
| SHA512 | a8180985d4580403819653d81af5386d18ab64449c4eb945c095acccf865179dabe704d7796de0a43f88a7abdb6d2e7accadf128c388ddc471be7ed25591b45f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WnsClientApi.dll
| MD5 | 5aa16c91ec88db9f4e70efae4c3d5b5f |
| SHA1 | 7dc64a09fa65de55b825f3d5be7b077308ae272a |
| SHA256 | cdebf4ee5c15a4e805c8b6ff3d8e30f90eea5e0a42e357879e411e3708c96f7c |
| SHA512 | 1d15f89927303f4959376a47868a604b56ba0a1b9957ca83d714fa936b6855a22c9f1effc035f0845874b2257d8e089fc43bd7809ebcd5bc63209300614959dc |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WnsClientApi.dll
| MD5 | 1957cc4169c0b29a354fd31765b2fc1b |
| SHA1 | aad64fce1dff01bb6fb41a5354dd81706e09669c |
| SHA256 | 114ea2a7872a991a00f2ffd907248cafe1f7475cd399982fd383488f6d7f4839 |
| SHA512 | bca394595a4ef61f1e28b92bdfa70d58663ea50733c940ac36486b529775358927d1063810fcca2505a3d0e59c9492296095c2882fe69ebdc963d1f3128156ec |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5QmlModels.dll
| MD5 | 41a54cf6150f71a40517db6f9a8e12d2 |
| SHA1 | 19cb20dc55cc91877b1638ae105e6ccca65c59ae |
| SHA256 | 4129b5228cd324103e2f35a07e718d03dfa814186126d7f4ed5a7e9d92306a56 |
| SHA512 | 3ecd45e2633feb376fc71481d68e93679e105dc76d57c9dfd2cfcfe18e746bc3bd5fc285d88f3d9b419b33882a9747badcd06d4dc220ad9767a3017748e0210b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Network.dll
| MD5 | 16d0bb34732b4c0344cc89bfa64ba4ad |
| SHA1 | 247466ce1bff331ffbe0dc91c74133b3073f0ebd |
| SHA256 | 3368738af505a7c5cac644392fea8e81b862bf87b1fa261819fb013cd2e19813 |
| SHA512 | 4c333fceaa57820d25f06641fd4d1b083112bb8843c8bb37daa80d1ed87a958517148ca042871775dcc84db796c9dda8b622c37a49b83fa7a853e2b76c92a810 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Network.dll
| MD5 | f7e37f0497926c4012e56442873bf8d7 |
| SHA1 | 16ef0ac0ebdec3a59a89eae41f05d331d0f04e62 |
| SHA256 | a5d378221f75ac6d3e345045ab987e6ea90e5cc66e26290e29ca3fcea3190eb3 |
| SHA512 | 9f850fdab9907ad6f8efb4fc1d8d362e026870482dc878a3113214c8b3aab263f627a82a5f88413180d81d4af0e90ddb717f49dbd5cf40a400759a702484df8e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\libcrypto-1_1.dll
| MD5 | f57e632b335e2363f53f2b88eb58242f |
| SHA1 | b1a3f0be036b23da60b1cbf35513f0430f137304 |
| SHA256 | e22394fe2fb8c57dbff8ddef2aed31a099c34e71c50c8b869e49079b5a18fe4c |
| SHA512 | 2e6e1fa95166faab7893a2441b8542bcf61ab42c89cc578497b4877e3f8ce437c160919dec706e8c274d313ba95d08675e438710f8129bd271b000e4d80f8283 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Widgets.dll
| MD5 | 5e707cdb91c4aa162a7e12b439f41fbd |
| SHA1 | 42fd4a447aa64ec020d7d889c7c901b409e16e16 |
| SHA256 | 4b982c4a0efd552364db458a6a393c5d43a790a44ae936e0f465c1c86ca64bb9 |
| SHA512 | 36211cfe1bcb7b339198a93c24897effbf5f0e7a710defdf38b6e9067fa4f849da9d42a378c344cf725a4ddd9a4eaee666426a3bfa80b43f9e9714eccbebb5f7 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Gui.dll
| MD5 | c68d41c26e361c509056d8ff8c0c8416 |
| SHA1 | 691ffca3512404076e41ece1e819cca44060b1a4 |
| SHA256 | 722cdd5d3f7481687d3bf9fff9bc7519aa9e24bd3257474846736804a834f009 |
| SHA512 | 2e32ac706c157484a42354cecc7aedf1e1ceedb610aaa2d0a2af4480958a48782feab85983c3b5b9e6d8a8dea82d46a84e44987f17f929777fad18b329d9043a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5WinExtras.dll
| MD5 | e94c89df4aab6ecc5c4be4d670245c0a |
| SHA1 | 4d6c31556dbdbee561805557c25747f012392b65 |
| SHA256 | 8bc10ab2b66a07632121deb93b3b8045b5029e918babc2ee2908a29decdab333 |
| SHA512 | 3f42f9eadc0cbebc8e99ee63761aadb7851572b3600197514febd638455b34ee9075d4ec36eae82b2786877f06ebfade73735e3c9d3232fcbb66bed55b96595e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll
| MD5 | 9a18ce749e6e4ccce297a6579736d8a5 |
| SHA1 | 6175fbad815f3024f1a91ba610943efae3f9ce2e |
| SHA256 | 7486f0207fe2d8f409825fb3dd11ccbd51fbe8a4d8327e5f4885f5345900d1c1 |
| SHA512 | c693f1080c088742f78e3ff0d2d291a8f46b93fd219e866d3d9e9154bbfc57b95c731729451bc29afcc9648ec0e52d6add46e7a54e314db388bf5a1fa0fea08c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.dll
| MD5 | 2ea0032aed3a2340fb43d24470ac2be4 |
| SHA1 | 191e6731f2ef8e3cdc78094b3f37cf492302a09c |
| SHA256 | b646577782b3a0c28486da0256a4c13cc0750f2a941ce01173b4e0a518048da6 |
| SHA512 | f707b422d30af6c7084bab5f6ad9b8f5bacc6b08051a4625bc84d81cc9cae5eb02299d5723b70e6050ccdb86da4c16504a63fb308d7dc6cfba36a9b222579ac4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll
| MD5 | f8f1a9593b6abeb31497ea6ac7ee6d80 |
| SHA1 | 70d3dea03e07481c76f6a2e94fcbff6692b456a1 |
| SHA256 | c5d6c59351bff10845e686ac82166852e69520f39b444c9709ac0a42b0921a09 |
| SHA512 | 71b0d2bd09758b09606dcf62a467233566b421ff2fa8111865185470b9ff7e48eb2be4e5e0dc37abe30a33362a983f251a6899c16a2493b7e87fdd0ba0985df6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll
| MD5 | 639d3c99c9737fda66cba8c971713466 |
| SHA1 | feecd6bc9f6a6d50fe4a857ea5403ae9d8023a02 |
| SHA256 | f9126f4b336d22059cf99f2a4de84677c78eeab66136b155f071428ff47840a0 |
| SHA512 | d911fcd28cb11bd01a2fcd81fabdbbdbcfee54111a8154f177302f761d0ed23114f9912424ea765d124bbb255207fd8474914a964f64ecd901993a89309a72fa |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll
| MD5 | 7055483d9302b969ec3b4d9389b8c1b7 |
| SHA1 | 4ef47a73a8e9ed802883580b76ac4cb9bd562eef |
| SHA256 | d48e2147cfb9d571d6438c4e1f8eead702b908932bd7aebe472b8758717ff7c5 |
| SHA512 | 60166e49d9008cf3dc6818723c467e3742fc91234b0f4f051dfb91394b302ad8057c665977f6ede50c4a7911d0495a04498d1405da561b675f96bd6464fcc7d0 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll
| MD5 | e751f74dee4bb76875dab70a5c7d5583 |
| SHA1 | 2eab7cc9a263381b9d01d45eca5937791de703bf |
| SHA256 | 34b38a1f66747e4026ffb717019b5d4cc1bde2b6cc8c15625485c9fa9809b31f |
| SHA512 | a8e848fd88c0785f68c72b452d6899b101f029c0664b1f456c7dcb99a0e3f09c818d720067cf2abb0edf22449f88195dff01190cbdbf83f7d8596729bca071a6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll
| MD5 | fc7bfd22b665fa97ab0485d630d1f3c5 |
| SHA1 | 4cef36d9f5257bc6efbd359cc10d2fda59420aa8 |
| SHA256 | b6df6d1f7e87f27818fe87c1328b232fcd249702e2f49602dbec55a6fb5aad5b |
| SHA512 | bcb4737ec9bf0da0120acd514525371fba6ea412f3800959877007d7942eeddf48e02f353ae33fd788d9a6f3a11f2b9f322338c331133fbe99b235b7dbb2ae60 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll
| MD5 | 7a9c3cb270fe0a27c2568612c7e6a4b1 |
| SHA1 | 94e52fccbe58cca425b25278b95a8a2377f2d834 |
| SHA256 | 8070d145428ecb0aab7104f583580271272844c468c262762aeb0b7c3aa200bf |
| SHA512 | eb9e3783e17eaba21664f19a63877ea82fad534b42e4967a89155251ad6b0dbcc11652c31da4c50b7c2c67d091949c3f9f556709ddf1ab52cd76d4c1bb39875a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll
| MD5 | 116fc71a534d6e4a519ac07d8873b213 |
| SHA1 | 2996ca69cf5643309853f84d08be8f03f8f6127c |
| SHA256 | ea78ceb6c7f9aeef834255c7f4a0533e445609895b28f00b440a10678a135881 |
| SHA512 | 8920e4f1cea6e09df7170b3f75a24a9f32de31f1797d9460effbc53dc6ef8bdd76a62cd83c0e5eca930d3082ff38d814875c5900f5ae3cbd6d09c6934c8936e6 |
memory/3900-7097-0x0000000003F90000-0x0000000003FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini
| MD5 | 6ea5f512cc3eb8012635ec954cc3f8eb |
| SHA1 | 805e664ae6af5f4ca926bccb409ab9d3dd625c8e |
| SHA256 | 222e941b77d525de853b733e00d0648a30ecbf5945bdb609385cf4b826beaa8a |
| SHA512 | 7550ae3bcb746f6da17716626cc397df63dde91dde1f0b3f977b6425aadef9e5b6345fc99d33520ce5cfb3dc31919f0ef7e66e2270e9f2c4802223d8ac712864 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fa070c9c9ab8d902ee4f3342d217275f |
| SHA1 | ac69818312a7eba53586295c5b04eefeb5c73903 |
| SHA256 | 245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7 |
| SHA512 | df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d8fd4fc06841947a1e19398b7acca87 |
| SHA1 | a618c12ddddc1b8bd47043be107e95e5885fb9cd |
| SHA256 | c8a9329f09f1407f458d93a1bd3d90e263d215d1d0f90fe61fbef336bf40a359 |
| SHA512 | ecb96da3938d156248b931fdfffa6d0d4555e77d05ec41433822bd5b8bb7b856a43b496dbcb64558bd917c32110deda7eb8576bcaa61f998b69a7f4bfb18db64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5db8d06615554ef05a5f6b0d7dccfe80 |
| SHA1 | 2faff16d21fbab14b3fbfca6b6dcabc5b4404b47 |
| SHA256 | b8cb04d1b50091226e8e6cac9ce64841378f87fefdec53f3636030e1f956587a |
| SHA512 | 2ee63281107a8a441862f12bce17e4bb5f4a08d7752ea1e95edf805b4bbb4f406e8075eca262a6c78c1d6a2121dfe8584193ec1d598dd6470e0d35e58685329b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc45abc535302fc31b13a6441b13c169 |
| SHA1 | b8fb050642dc15eaddda8fcccb5a05569dd6cf35 |
| SHA256 | 535edd9403a1722fd0ac2efda63149512b53c86d71b89abfa87ff2043c32a143 |
| SHA512 | b78670419587b63bd22c86fc17a8d9ce7387715d356351459454d50b5b1dd46aad67c8a5cb33b0385795c8ab746b67aacee181c36243c02c6f53fddc3eaae9e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db81f13f7d212d6adc6592e598d24bde |
| SHA1 | 718717edcd49c20f4b28b285c58c1ed572857e49 |
| SHA256 | 0985a90821e282ac12ea3e28bd2ebab6647176d5290d5f2b7a6831397cc1cf80 |
| SHA512 | 15c7056e36f0489dbed0157897d3428174b41be7ed5db336989461b4e04fd83fde0c6c53ca72259c94c66cced60828506eeb83493e57cfd9100f34609cf74822 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f3c136c59e98d5a67506395a143da93 |
| SHA1 | 298b03f140fa217dae23467606542099def97346 |
| SHA256 | eca4ff8f6b8cc9d2cc80d96d4b915123d682ece7e5a61b35749c12cacfd69c72 |
| SHA512 | 5803b3e0bd06e42d226dd50636519d80b2832cfef990b92d9b71ff05f75f26492952de45ef028167b019da26f34690c402602e9aad3aab6d18d724da0aa7e66a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 917dedf44ae3675e549e7b7ffc2c8ccd |
| SHA1 | b7604eb16f0366e698943afbcf0c070d197271c0 |
| SHA256 | 9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37 |
| SHA512 | 9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb1bf5c59be29f297e621100185c0771 |
| SHA1 | a43c80ffcee4d77ef26b248ef57ce51f09cb4fd6 |
| SHA256 | 14617d4c6b86dd0c5b51667025690a02cf45826696bbc8d7308eb2abd8ab2a1d |
| SHA512 | 29cd7abd93c6639274545c6ecb4b8d45304e8ac36013ac192680f3c0c8a446853ef7450dc83af1dd96aed17c2f660a3fce439b6ebe4693c7b227e177803c73c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4b0b53f91c9a04226f2ccb11739b270 |
| SHA1 | 5aa377db6a78a5c3c303babca91ba5be641fd682 |
| SHA256 | 786529d9fea81fe420c6c37b2a5241218d6517a095471d5b749fe6024779fbfe |
| SHA512 | 24647db0d141aea46587c71696256f670ca2b3ea82668d296cb2769bb6e820226697d0aa178818a6e4746f71379e02e3e2fa04467142c637d0fa8560f502d103 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e8de19b9bbaa99641282c69aee0f1d4 |
| SHA1 | f1ee155474c564470bcbfc67fd6f3ab5f84e5b46 |
| SHA256 | 66e69a03de2fd09cd38fc54aa7ea0a8cfb1c543a209d7533c743363a0d82ad31 |
| SHA512 | cc0cf7bc38b387d54c38a5d4b0e2b19a0fd66584072e0756b38922fd1d95f37fdc78739cdc35038c7f71cffc8b602eea9632a8d5b2cf5106dfa1bca7ab34fe58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 277a5d39e6caa173a9dad452046b0cd0 |
| SHA1 | f55f8252db7b05e0e30914e453a6a6e58d80580c |
| SHA256 | a8b572e3ef00ffa64913e2dfc9c9057db571c8b51c68dbd790cc5a73ee3240b2 |
| SHA512 | b47365cf9f2d8e40746e364613c1aed49ebedc5dc44f542a61595868863ea355c7e7b634257e95a5ab9ace93df44decd6f501aa4e8ea11080e562ab488c185ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c0901598053dde5de72d6957c733b644 |
| SHA1 | fd6bf2377bcc7a02c7c286ad39c4aba4a9bdd951 |
| SHA256 | dd72809b1bd707836aa26972c2d39d6de3dbfa34de71c7d4c692ee9702e10636 |
| SHA512 | 140329f9bd640bd6d5c6418b715b65cc4f4a00967c27ac57aec4deb8557bc47947e32f276a8c00fea6a8b0d5273a1f2cb6cea64c71a7833412821280c31af40f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 96a2cfe44278077893deced6797236d2 |
| SHA1 | 76b85e4c3e3fac6bf7828216209b1799e8a638b7 |
| SHA256 | 35430cbc5684b0106caf03c0ecdf7f861eb333ba8770dfe2122b96ac02d6ab05 |
| SHA512 | 1ae53123740aa4744daa07f310d518ea04ebc599902ede045976a1fd3d6b0f757505a43ec27e3a28fa8106fd40660b46ecea6dddf338226f742bf2da9b7f3840 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 67b8310c38b57c0c896c1979a01c8ad1 |
| SHA1 | 6b7141b96d17454e4a2f8c8114162f0d074f162b |
| SHA256 | d8587a2f6ea0a6877307596b3b15a583a75090526740c655fd8782151ed84a81 |
| SHA512 | 0747f2d97af5256961180147bfbc35641be076dbbed644cac5c22939cb20f7447305fe38c8eb5ffb75a7eacdb9122852e16a5b064c652ab715e5139d434ad0dd |
memory/412-14865-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14867-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14866-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14872-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14876-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14875-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14877-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14879-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
memory/412-14878-0x000002C51EC20000-0x000002C51EC21000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old
| MD5 | 12cf8ec9846cd1b6b04062b5f9431ace |
| SHA1 | dd03a05743d55541d5c1d6ec8a7c2ebc6677c79d |
| SHA256 | a37bab78eb4fe5fe52b6333566dabe29ad09ac117ffe93e39be8b93ad612887e |
| SHA512 | 769ad6dec8f204cdc1e48e2392082655d5d949b061047c858cb53815120ad30aab69a213661255ad324853c41d56e57a23b3cff0ce96a1775020efa03cd76cd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bccc8020f80635dcfba9b93d1c2c993b |
| SHA1 | 8069ba3071ab87b96fd4ea9116e9d25857858937 |
| SHA256 | 8b83c37cd40bba399b2f9b1cbbae5614c29a4e9d6d6f6a0bc68b95a0efc51c45 |
| SHA512 | f50b2ac0150cfedf0d94e4ab1e71c2b5035990fc6a4415181b8b0459b679c66cc31159025930b9c99aaa25752ecb22174acb163c8bbbe62ef4ccaf0a070aa0f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba3962fe-7690-4d4f-a9ea-60fbf692ec6c.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\js[1].js
| MD5 | 56ed2a356ec5d33d9e85792a53f052ce |
| SHA1 | 3a41ffabd02203211400676a99ee3e6634f572e6 |
| SHA256 | c81d532ce80a39b5cb05f01ea20e1b277d19504ca54edb5b0ec9806526815339 |
| SHA512 | d03232016593bf6258e2485d719bb8ea2481baf949f4ed4c7046feacbeeb997ace4008aeb9097fa81e147fb4ab6ee6d3d60ed82de9c0544ffeccc11b51a91ba1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO8BH966\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_08C6821C7E5E240D96652251BED5C839
| MD5 | 9485ece12f0b8ffbaa6eaf5c6045c2d9 |
| SHA1 | a223f5ac12c77ab25fbe47a427f16552bb22b010 |
| SHA256 | 1b201000686659a4d0efcd4cca2ca4124bea69a41c8dcd92256156895191c867 |
| SHA512 | 2a4e786b99c29e47767cc81541d4832a213465cc88d003a75af9f135611740b312b2232d21f2e18e663a6a9de213206b925f40382ca73d6c42b7cdf64d9294d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_08C6821C7E5E240D96652251BED5C839
| MD5 | 4714eec6fc22785d8707b06de7904019 |
| SHA1 | afaca618d022cfd34a9f36ecb49327e8d9a84c92 |
| SHA256 | 5525b24bb6a9650e8b82ba8d7a9cc8a01987a2b8bc4af0fdc0ddced6d5a43e3d |
| SHA512 | 86ceda36345eb1b91a8833990f2bce6e543a903f00d8610e684d34d06ace6bfb1638b7c9a9be7659d29b2514411964894ccdcbbaf9d81382fba1332f8ab7c966 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\43O0UZKG\cb=gapi[1].js
| MD5 | a18f7275d21826de9c1c94f40b812a8b |
| SHA1 | 5ce82b054d72993b077525e9dd96fc19b93c1dee |
| SHA256 | 243a4646b67f033cd730970f4267a9673298d28acb199c696953b53ec61c2628 |
| SHA512 | 4e2f3320c750601f68f51adfb9040d5fe832b35a0bbe831f19ff56940b94f36d364b78a17b7ad3d36b7ecd76a2d4c7b06ba71797d113f15b53229f40804e2f49 |
C:\Program Files (x86)\Google\Temp\GUME94C.tmp\GoogleUpdate.exe
| MD5 | baf0b64af9fceab44942506f3af21c87 |
| SHA1 | e78fb7c2db9c1b1f9949f4fcd4b23596c1372e05 |
| SHA256 | 581edeca339bb8c5ebc1d0193ad77f5cafa329c5a9adf8f5299b1afabed6623b |
| SHA512 | ee590e4d5ccdd1ab6131e19806ffd0c12731dd12cf7bfb562dd8f5896d84a88eb7901c6196c85a0b7d60aee28f8cfbba62f8438d501eabd1bb01ec0b4f8d8004 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver3F3D.tmp
| MD5 | 1a545d0052b581fbb2ab4c52133846bc |
| SHA1 | 62f3266a9b9925cd6d98658b92adec673cbe3dd3 |
| SHA256 | 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1 |
| SHA512 | bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\43O0UZKG\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |