889033357b0b39731d63c3cd4511f12b99bba0d30538f20ac63823568f5bf1c3

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Size

60.4MB
MD5

e840f880132b051a8ed040859372be54
SHA1

518107b1def3725b3a3c9a4789d60d4b91750a32
SHA256

889033357b0b39731d63c3cd4511f12b99bba0d30538f20ac63823568f5bf1c3
SHA512

88a02e5b9e706b53007673dd3d29d575560bd886c9ecc66496a4aebecaf9cf0cae8ad4e01db7dad7811d21da664ffb9f47a4d75a1c601f99cf12c0493ed79de9
SSDEEP

1572864:WOXa8tDkuw1ZdKB1Oh06d/SM0RLR4blsqxgpbqd:1Zl9K4Bn6d/cR14blj6pbk

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	OneDrive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 18 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	OneDrive.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	OneDrive.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Microsoft.SharePoint.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Microsoft.SharePoint.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_sr-Cyrl-RS.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ko.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_kk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_bs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ja.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_kn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_lt.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_bg.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_lv.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ta.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_cs.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_et.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_af.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_en.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ro.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_bn-IN.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_pa.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_fr-CA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\psuser_64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_or.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_sq.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_km.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ar.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_hi.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeComRegisterShellARM64.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdateCore.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_sr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\psuser.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_it.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_gl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_mi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\psmachine_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\EdgeUpdate.dat	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\msedgeupdateres_el.dll	MicrosoftEdgeWebview2Setup.exe

Executes dropped EXE 15 IoCs

pid	Process
3652	FileSyncConfig.exe
1436	OneDriveStandaloneUpdater.exe
4932	OneDrive.exe
2728	MicrosoftEdgeWebview2Setup.exe
1084	Microsoft.SharePoint.exe
1772	MicrosoftEdgeUpdate.exe
4124	MicrosoftEdgeUpdate.exe
4376	MicrosoftEdgeUpdate.exe
3460	MicrosoftEdgeUpdateComRegisterShell64.exe
4248	MicrosoftEdgeUpdateComRegisterShell64.exe
1340	MicrosoftEdgeUpdateComRegisterShell64.exe
5036	MicrosoftEdgeUpdate.exe
4540	MicrosoftEdgeUpdate.exe
1672	MicrosoftEdgeUpdate.exe
2560	MicrosoftEdgeUpdate.exe

Loads dropped DLL 64 IoCs

pid	Process
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
3652	FileSyncConfig.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe

Modifies system executable filetype association 2 TTPs 5 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}"	OneDrive.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileSyncConfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OneDrive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Microsoft.SharePoint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OneDriveStandaloneUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5036	MicrosoftEdgeUpdate.exe
2560	MicrosoftEdgeUpdate.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Colors	OneDrive.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	OneDrive.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ = "ISyncEngineDeviceNotifications"	OneDrive.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_CLASSES\WOW6432NODE\INTERFACE\{10C9242E-D604-49B5-99E4-BF87945EF86C}\PROXYSTUBCLSID32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TypeLib	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SyncEngineEnumeratorProvider.SyncEngineEnumeratorProvider.1\CLSID	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{B5CDC0E5-9558-4899-A58B-5D894F493C1D}\ = "IKFMEnrollmentStatus"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ = "IToastNotificationEvent"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{e40cef71-c060-48bf-832d-3adc3e5985a6}	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\24.161.0811.0001\\amd64\\FileCoAuthLib64.dll"	OneDrive.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\VersionIndependentProgID\ = "SyncEngineFileInfoProvider.SyncEngineFileInfoProvider"	OneDrive.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_CLASSES\WOW6432NODE\CLSID\{6BB93B4E-44D8-40E2-BD97-42DBCF18A40F}\LOCALSERVER32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "IFileSyncOutOfProcServices"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "IFileSyncOutOfProcServices"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ = "IGetAllSharedFoldersCallback"	OneDrive.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\System.IsPinnedToNameSpaceTree = "1"	FileSyncConfig.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_CLASSES\WOW6432NODE\INTERFACE\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\PROXYSTUBCLSID32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_CLASSES\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}\VERSIONINDEPENDENTPROGID	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_CLASSES\WOW6432NODE\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\INPROCSERVER32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib\Version = "1.0"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ThreadingModel = "Apartment"	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\TypeLib\{4B1C80DA-FA45-468F-B42B-46496BDBE0C5}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\\3"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_CLASSES\INTERFACE\{5D65DD0D-81BF-4FF4-AEEA-6EFFB445CB3F}\PROXYSTUBCLSID32	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1\CLSID	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TypeLib\Version = "1.0"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\24.161.0811.0001\\amd64\\FileSyncShell64.dll"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32\ = "{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}"	OneDrive.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\grvopen\UseOriginalUrlEncoding = "1"	OneDrive.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\BannerNotificationHandler.BannerNotificationHandler\shell\import	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Key deleted	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4932	OneDrive.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
3108	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
3108	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
4932	OneDrive.exe
4932	OneDrive.exe
1772	MicrosoftEdgeUpdate.exe
1772	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3108	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Token: SeIncreaseQuotaPrivilege	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Token: SeIncreaseQuotaPrivilege	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
Token: SeDebugPrivilege	1772	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4932	OneDrive.exe
4932	OneDrive.exe
4932	OneDrive.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4932	OneDrive.exe
4932	OneDrive.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 1692	3108	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	94
PID 3108 wrote to memory of 1692	3108	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	94
PID 3108 wrote to memory of 1692	3108	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	94
PID 4952 wrote to memory of 3652	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	102
PID 4952 wrote to memory of 3652	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	102
PID 4952 wrote to memory of 3652	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	102
PID 4952 wrote to memory of 1436	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	103
PID 4952 wrote to memory of 1436	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	103
PID 4952 wrote to memory of 1436	4952	2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe	103
PID 1436 wrote to memory of 2728	1436	OneDriveStandaloneUpdater.exe	105
PID 1436 wrote to memory of 2728	1436	OneDriveStandaloneUpdater.exe	105
PID 1436 wrote to memory of 2728	1436	OneDriveStandaloneUpdater.exe	105
PID 2728 wrote to memory of 1772	2728	MicrosoftEdgeWebview2Setup.exe	109
PID 2728 wrote to memory of 1772	2728	MicrosoftEdgeWebview2Setup.exe	109
PID 2728 wrote to memory of 1772	2728	MicrosoftEdgeWebview2Setup.exe	109
PID 1772 wrote to memory of 4124	1772	MicrosoftEdgeUpdate.exe	110
PID 1772 wrote to memory of 4124	1772	MicrosoftEdgeUpdate.exe	110
PID 1772 wrote to memory of 4124	1772	MicrosoftEdgeUpdate.exe	110
PID 1772 wrote to memory of 4376	1772	MicrosoftEdgeUpdate.exe	111
PID 1772 wrote to memory of 4376	1772	MicrosoftEdgeUpdate.exe	111
PID 1772 wrote to memory of 4376	1772	MicrosoftEdgeUpdate.exe	111
PID 4376 wrote to memory of 3460	4376	MicrosoftEdgeUpdate.exe	112
PID 4376 wrote to memory of 3460	4376	MicrosoftEdgeUpdate.exe	112
PID 4376 wrote to memory of 4248	4376	MicrosoftEdgeUpdate.exe	113
PID 4376 wrote to memory of 4248	4376	MicrosoftEdgeUpdate.exe	113
PID 4376 wrote to memory of 1340	4376	MicrosoftEdgeUpdate.exe	114
PID 4376 wrote to memory of 1340	4376	MicrosoftEdgeUpdate.exe	114
PID 1772 wrote to memory of 5036	1772	MicrosoftEdgeUpdate.exe	115
PID 1772 wrote to memory of 5036	1772	MicrosoftEdgeUpdate.exe	115
PID 1772 wrote to memory of 5036	1772	MicrosoftEdgeUpdate.exe	115
PID 1772 wrote to memory of 4540	1772	MicrosoftEdgeUpdate.exe	116
PID 1772 wrote to memory of 4540	1772	MicrosoftEdgeUpdate.exe	116
PID 1772 wrote to memory of 4540	1772	MicrosoftEdgeUpdate.exe	116
PID 1672 wrote to memory of 2560	1672	MicrosoftEdgeUpdate.exe	118
PID 1672 wrote to memory of 2560	1672	MicrosoftEdgeUpdate.exe	118
PID 1672 wrote to memory of 2560	1672	MicrosoftEdgeUpdate.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe"
1⤵
- Checks computer location settings
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe" C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe /permachine /childprocess /silent /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode /installWebView2 /cusid:S-1-5-21-656926755-4116854191-210765258-1000
  2⤵
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  PID:1692
- C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe
  C:\Users\Admin\AppData\Local\Temp\2024-08-24_e840f880132b051a8ed040859372be54_magniber.exe /peruser /childprocess /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode /installWebView2 /SetPerProcessSystemDPIForceOffKey /EnableNucleusAutoStartFix
  2⤵
  - Checks computer location settings
  - Checks system information in the registry
  - Modifies system executable filetype association
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncConfig.exe
    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncConfig.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3652
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /installWebView2
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\MicrosoftEdgeWebview2Setup.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\MicrosoftEdgeWebview2Setup.exe /silent /install
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Checks computer location settings
        Checks system information in the registry
        Drops file in Program Files directory
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1772
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4124
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4376
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3460
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4248
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1340
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjY2Nzc0MzMtRDhBQS00OTdGLTkzMTgtNjM1NEU5MDZDQzM2fSIgdXNlcmlkPSJ7MUIyNTdCREQtNzdEOS00QTVELUI3MTgtOUU1RTJFNkMyNDAwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1NTU2RUY0QS1CQzA4LTQ5NzgtODg0RS1GMTdBQjMzMDg1QjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5OTQ1NTI1MTciIGluc3RhbGxfdGltZV9tcz0iNDM3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        6⤵
        Checks system information in the registry
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5036
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B6677433-D8AA-497F-9318-6354E906CC36}" /silent
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4540
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    /updateInstalled /background
    3⤵
    - Checks computer location settings
    - Checks system information in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system executable filetype association
    - System Location Discovery: System Language Discovery
    - Modifies Control Panel
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4932
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\Microsoft.SharePoint.exe
    /silentConfig
    3⤵
    - Checks system information in the registry
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1084

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjY2Nzc0MzMtRDhBQS00OTdGLTkzMTgtNjM1NEU5MDZDQzM2fSIgdXNlcmlkPSJ7MUIyNTdCREQtNzdEOS00QTVELUI3MTgtOUU1RTJFNkMyNDAwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTJENzkxRjUtNjRDMy00QUE4LUFGQzgtN0IyMDREQ0UyNUQ0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzIyNjAyNzA1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjcwNzUyOTQ1NzgwOTk5Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk5NzY3NzQwMyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
136e8226d68856da40a4f60e70581b72

SHA1
6c1a09e12e3e07740feef7b209f673b06542ab62

SHA256
b4b8a2f87ee9c5f731189fe9f622cb9cd18fa3d55b0e8e0ae3c3a44a0833709f

SHA512
9a0215830e3f3a97e8b2cdcf1b98053ce266f0c6cb537942aec1f40e22627b60cb5bb499faece768481c41f7d851fcd5e10baa9534df25c419664407c6e5a399

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEBE6.tmp\MicrosoftEdgeUpdateSetup.exe

Filesize
1.6MB

MD5
45e5ca74b9ae3c3fc6f6a63c609783b6

SHA1
f36715bea96d69bb18075fac30b90502c6d2464b

SHA256
b4afd37b9087df7e041ae749fd0fa342926d9cce533bde9cdc4283132c3820a9

SHA512
014fd398d456fcb118dfd6b038b6f96008ca209d44d9707e175e85e7f14cfb3f2886deaed0d8ed25971813035e8dd7f88142c06972f3e2c9b4a534d84bec661a

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
181KB

MD5
dd3190450cedf953dcac1e88416122c9

SHA1
023486b75786aafc30a87d9439a09e0a2cebc18c

SHA256
8b81303141501c4b22bc9d93bb5c93970e921ddcbad2fd3231f72a63fcb22b5e

SHA512
52bf138e2a58a4e9b807994b501a1c6f4c38103483276bd3411b78ca1d271a31b0d8801c1a0aaf4e353d587e34b83391573fb6d0a731cf37a2021e578510248d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncClient.dll

Filesize
7.9MB

MD5
0ee46b9a2f0a78fcb53eb0ff786a07cc

SHA1
80594111db918a861d8e6722fc93744afe5b451f

SHA256
8cb7e20cb9fa94c06e8fc2c2ac87688c36a2b812a858db15e92712197eb28d9e

SHA512
fb4e26c436445c4e36b95002f998367f0469da4067ac8466d0fca084d425d262c3f0ca4a9747e38a516fefeaac4429543516ba970f6fb5f1f023911129a695fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncConfig.exe

Filesize
623KB

MD5
619f5d899497c4a3c0c48900224b6d09

SHA1
dab0d4d9c5d29bf49f6bd606f467ab4028b1887b

SHA256
ce51b9f4f77d911f46e307c64fa8eb5b7f2d15d25b4b24ea261faefb71b7fecb

SHA512
8166bed5196d59828aa83d65fd6c700b83b6bbef82f6a1ce5777f9474c9ffbfa4a3e429f62589f6662d86b3889ff2f946f39440c6545a11af5678f506c511959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncCxP.dll

Filesize
423KB

MD5
0c7bb6357205446a4fd608c9548bfe0f

SHA1
d740132789dfa4ffcc4311ae6249b87bba900585

SHA256
3a4d0703bbd9757b14fca887e5fdc7e04b35f2c85ef8d01d72e3efc98002e9c3

SHA512
c3dec2d9b4ba1036d14396ed9188033e0773dbf1b50bf09dc552521973a88d14f1b4770cc1338e8c0b0378b463d47e6ac13ef7566d99823afdcd4a92a0079b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncEvents.dll

Filesize
106KB

MD5
b6bb6d0c27833697481aeb9eb20c0f7c

SHA1
85ef0eca81af879fae1c2815265364eb2e8e28c8

SHA256
71c8b46a14dc33b73a4514174cb052f9358c515302826b1d03a11b62a8dc25d3

SHA512
10ab682890d4e6e2fc091e29f5e81d9df507f72fd232b3efbdb266dc01cbcceac477e076c2ea5b6a0eefc139c0b3bae59c13f2b74f070c438aa860f1f2e56222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncFS.dll

Filesize
675KB

MD5
016178db41b1c9813300bca51ed3984b

SHA1
7968c0e3e23d40a32fcd285a5652cd3a46081984

SHA256
990a6df6a951d2e91f75bd8438e5362536de684232634fa9669e8cb7ba287a41

SHA512
4cde1e126ff19556ca8b5383f44644aaf42929bdf9988b3495e0082c815147d1fa9b03bc20eeff38e55cb7268236169a15cbd49664531ec634bf3894d317ad04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncHost.DLL

Filesize
363KB

MD5
cf9f1564f0fcb1edd4d24450ac7110b3

SHA1
1776672d8ff0f3721adfc71914e72288fe24a845

SHA256
9ad4eff4c0148c2072056fd5bb2e8298ce72f2bd31aafddb9ff6cdbd5a2de467

SHA512
4f66ea879785275c369edf2c39d6f6f0929ba59bbdf0e43e1e44ebaf9e746a1db83e87a9ee083c1507e6d7f998b3359c8e3210f6902a91d937ac9ec8a6dcc7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncRNWin32Lib.dll

Filesize
305KB

MD5
cb4ff1fd37eae66d05359a2dc4381522

SHA1
cbdffecb2db1aee168ba68ff59b4184098fbe74a

SHA256
9eaf37986830986d8ef5cf9dcd6ff8d7545a563b478d1167231dc4ba03a63c7b

SHA512
53e60a6f397309e3ae3e0d03b776582e4e87da7edfd797b5c2e88ea60613490b3c590a1d1a3545c0cc0551034ce91efe7384279cbf89eeb0d51b4bafdbdd9b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncSessions.dll

Filesize
4.6MB

MD5
ae440a89568c933e86ba78d01006662b

SHA1
22b79a8564a1298b76e5d4faa51e016ddd338fde

SHA256
24bd65bbeb70b24dabd0ed86d1baa5878680f94916822a80e2196d6ad0b4e442

SHA512
b5f770e74b2e02fc796d4321ec13ced61f90c0e2ce26e9c2394021a423850a4f0512bebf5ba57bff046fa8112bc1d2195b26dce243103a8bf63a0ef5832e5c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncSqlite3.dll

Filesize
526KB

MD5
d10532814a2d166e4e12dcaa31d3fe2a

SHA1
72950eb38e82aa139fd06fdcf50b0149c02e233f

SHA256
62a2da5912b8369b0475e1e9770d591c583251ff16d84898e797997d007ae5bd

SHA512
d5f62ed0bfaef5dda3908cfd7736cbbea5a37cb7e7b9f79a8a40cd97bb46d2015dd945a64accad49c3ecd77a216f2b9537e56465ee49a61636c4a293094bb1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncTelemetryExtensions.dll

Filesize
457KB

MD5
f17e4fe71789a45772537feed520343f

SHA1
6cff5c82d9f700e60ed92b408c12229353cda1ff

SHA256
2fe6fdf70965ab4906634c19311fb3578aa3007df85ea3bc3d4e56f91cc9b50d

SHA512
5d0d3fa972372b5a2faed32024d6cfbb0fcd55143f680891b35271ef042d88749009b2061d3f541e8ead6f113526b07524912aa7499e82e03a328b6997f22dda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\FileSyncViews.dll

Filesize
2.9MB

MD5
40d0b2cccace52cf0efe4f44d561a2d4

SHA1
128a7ffa1ff74d881beb7197a8a6e4913f5d09f9

SHA256
0cdf5266c596c78611ffffd398e47ea866089fa993184314eefaed4d923e3b2b

SHA512
415702ed9cd82e6baf4014985b225743356b16d52cd0c9ebf435785666b4678ad52dce27dc2b0cb2c04af95c626e3140e906b044eea2ce122230a6c91820cf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogUploader.dll

Filesize
858KB

MD5
7d804f10cb34e999fb3b97426ba64196

SHA1
fa0fdeb778c3e52e8ed40f6e2362847b377a1a1c

SHA256
277026bcec0fa0ee7a488ccd3996c8798b65c39aee3e816d5697bed981f03fff

SHA512
3b1661aad3fcf553997deeb3182d29cf030e2630bbc3e40e90f3afc18943fec8d28e3bc218294b4196b2e45c6688f25ea168f3cb17064dc5e3b1c43a416949f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LoggingPlatform.dll

Filesize
523KB

MD5
60dc6b3361714ee61ba411b949f9de29

SHA1
1e98f90c4ee4145f03d4e2973a9c6baa0ecc57d5

SHA256
15be60ecdc734a7c9a8ddb9bfab8e0c73e4bc693585ca1670094ef723efd275f

SHA512
c80cef81408aa275007f4db7b07d07ed420bbf74a18d64564a9acea2604bf9938975a5ac6f67584a93788dae66b4120ce8ef7583ee9729fe35981ffa0b801d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

Filesize
1KB

MD5
72747c27b2f2a08700ece584c576af89

SHA1
5301ca4813cd5ff2f8457635bc3c8944c1fb9f33

SHA256
6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b

SHA512
3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

Filesize
1KB

MD5
b83ac69831fd735d5f3811cc214c7c43

SHA1
5b549067fdd64dcb425b88fabe1b1ca46a9a8124

SHA256
cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185

SHA512
4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

Filesize
2KB

MD5
771bc7583fe704745a763cd3f46d75d2

SHA1
e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752

SHA256
36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d

SHA512
959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

Filesize
2KB

MD5
09773d7bb374aeec469367708fcfe442

SHA1
2bfb6905321c0c1fd35e1b1161d2a7663e5203d6

SHA256
67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2

SHA512
f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

Filesize
6KB

MD5
e01cdbbd97eebc41c63a280f65db28e9

SHA1
1c2657880dd1ea10caf86bd08312cd832a967be1

SHA256
5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f

SHA512
ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

Filesize
2KB

MD5
19876b66df75a2c358c37be528f76991

SHA1
181cab3db89f416f343bae9699bf868920240c8b

SHA256
a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425

SHA512
78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

Filesize
3KB

MD5
8347d6f79f819fcf91e0c9d3791d6861

SHA1
5591cf408f0adaa3b86a5a30b0112863ec3d6d28

SHA256
e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750

SHA512
9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

Filesize
3KB

MD5
de5ba8348a73164c66750f70f4b59663

SHA1
1d7a04b74bd36ecac2f5dae6921465fc27812fec

SHA256
a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73

SHA512
85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

Filesize
4KB

MD5
f1c75409c9a1b823e846cc746903e12c

SHA1
f0e1f0cf35369544d88d8a2785570f55f6024779

SHA256
fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6

SHA512
ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

Filesize
8KB

MD5
adbbeb01272c8d8b14977481108400d6

SHA1
1cc6868eec36764b249de193f0ce44787ba9dd45

SHA256
9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85

SHA512
c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.scale-100.png

Filesize
2KB

MD5
57a6876000151c4303f99e9a05ab4265

SHA1
1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794

SHA256
8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4

SHA512
c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.scale-125.png

Filesize
4KB

MD5
d03b7edafe4cb7889418f28af439c9c1

SHA1
16822a2ab6a15dda520f28472f6eeddb27f81178

SHA256
a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665

SHA512
59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.scale-150.png

Filesize
5KB

MD5
a23c55ae34e1b8d81aa34514ea792540

SHA1
3b539dfb299d00b93525144fd2afd7dd9ba4ccbf

SHA256
3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd

SHA512
1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.scale-200.png

Filesize
6KB

MD5
13e6baac125114e87f50c21017b9e010

SHA1
561c84f767537d71c901a23a061213cf03b27a58

SHA256
3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e

SHA512
673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveMedTile.scale-400.png

Filesize
15KB

MD5
e593676ee86a6183082112df974a4706

SHA1
c4e91440312dea1f89777c2856cb11e45d95fe55

SHA256
deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb

SHA512
11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

Filesize
783B

MD5
f4e9f958ed6436aef6d16ee6868fa657

SHA1
b14bc7aaca388f29570825010ebc17ca577b292f

SHA256
292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b

SHA512
cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

Filesize
1018B

MD5
2c7a9e323a69409f4b13b1c3244074c4

SHA1
3c77c1b013691fa3bdff5677c3a31b355d3e2205

SHA256
8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2

SHA512
087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

Filesize
1KB

MD5
552b0304f2e25a1283709ad56c4b1a85

SHA1
92a9d0d795852ec45beae1d08f8327d02de8994e

SHA256
262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535

SHA512
9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

Filesize
1KB

MD5
22e17842b11cd1cb17b24aa743a74e67

SHA1
f230cb9e5a6cb027e6561fabf11a909aa3ba0207

SHA256
9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42

SHA512
8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

Filesize
3KB

MD5
3c29933ab3beda6803c4b704fba48c53

SHA1
056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c

SHA256
3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633

SHA512
09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.scale-100.png

Filesize
1KB

MD5
1f156044d43913efd88cad6aa6474d73

SHA1
1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26

SHA256
4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816

SHA512
df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.scale-125.png

Filesize
2KB

MD5
09f3f8485e79f57f0a34abd5a67898ca

SHA1
e68ae5685d5442c1b7acc567dc0b1939cad5f41a

SHA256
69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3

SHA512
0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.scale-150.png

Filesize
3KB

MD5
ed306d8b1c42995188866a80d6b761de

SHA1
eadc119bec9fad65019909e8229584cd6b7e0a2b

SHA256
7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301

SHA512
972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.scale-200.png

Filesize
4KB

MD5
d9d00ecb4bb933cdbb0cd1b5d511dcf5

SHA1
4e41b1eda56c4ebe5534eb49e826289ebff99dd9

SHA256
85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89

SHA512
8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\OneDriveSmallTile.scale-400.png

Filesize
11KB

MD5
096d0e769212718b8de5237b3427aacc

SHA1
4b912a0f2192f44824057832d9bb08c1a2c76e72

SHA256
9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef

SHA512
99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\LogoImages\Resources.pri

Filesize
18.1MB

MD5
4fbd1578d8beef2787c69a650c6e18a9

SHA1
51c7bfd3d23b7aaef7f6f9fa16f816714900c7e9

SHA256
2d9961faa1b5b8018f803a74c8e83c0036eed830fbe70fc9c57320bd8cddf1cf

SHA512
ab82c867dad53c2c839c16f031d97ebe9ba691be9ae0d9aed6370d34cd43594330f8167bc1e1a2dbfc99848a30aea5f6d3532590a263d4248db72319a26a3f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\OneDrive.VisualElementsManifest.xml

Filesize
344B

MD5
5ae2d05d894d1a55d9a1e4f593c68969

SHA1
a983584f58d68552e639601538af960a34fa1da7

SHA256
d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c

SHA512
152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\OneDrive.exe

Filesize
4.5MB

MD5
7e08a28d3b424e858829cc5988ef5e48

SHA1
f741c9eb5e0095de600673f66804be9d6eee14eb

SHA256
6b2c396dee5315426520fe5de6b68ec85c79dc04147178d9fae19b9447757975

SHA512
10505316ccaf54fe0fb7f42dd9611f09868fae754406838f76e0db9a326924b14a697de67f7288992f5a89f6abc7417315ebbd3852ae54847750315937f5b5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\OneDriveStandaloneUpdater.exe

Filesize
3.1MB

MD5
8ac6dcf2791f83b26f8a8b79ae0453c4

SHA1
1848666e7fa7ddeb85af73af1e866faed39dd1a9

SHA256
70b18d20e0313f9fa18643a724ea509bb10888cd7886e64206162c3152c6e4aa

SHA512
dba044053f57a11cc2d9746bb08227944fb15692e24d250d6d546e32d0367b4696bb74a4cda3ff71cca43aafd1d75bc93247f71b00feded349b21f712cd5984e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\OneDriveTelemetryStable.dll

Filesize
1.6MB

MD5
2509d4bbdbdeec1ee76d364463b4a4e3

SHA1
37edb64d1466c45d84941138ff2c96c58cdac7df

SHA256
539a0d6653226fbd840e153838548211915fc4439e3039bf7e5be1aa7e560d31

SHA512
ad583d17f6bc559c0f8b998b31d6d21784bdf5adaa863d652e6c98c97aa8a0cad58cd61aeeb4af4d013f3cb47f926cb4509b522161976aec0c27ac3b606a357f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\Qt5Core.dll

Filesize
5.2MB

MD5
c8bc09fb09a043b4e39077c7c5032a82

SHA1
dcb12555fb9c443fdd2f7dc2f3bac1cabb4c7c16

SHA256
2120698937f1cc086fc385f40bf69177d301d9fb4a7a9b87661a9ab1b97748c0

SHA512
2503d0fa83ae3edc6397ff012f45e872256e761a55bf2548018f720865e4c18574c799f9e40fd672891076d2b3414d9d713d307c3dc29ae44a68913f48f6356e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\Qt5Qml.dll

Filesize
2.8MB

MD5
d039da8ff00c6879f2955a22a103c138

SHA1
437acad8b524976448a48b5ed7336e86d1cafd69

SHA256
b76752bb07505087340ea531b52f31429aff62ca2ec3a3eb0549de41762a0f17

SHA512
1d5f883822df24e744b0874b343bfbeb95c1f46c0ae08fe14eb8f036fd7c5c84ef42d369603d53d617ed2998c71163e46935872fb8cc90f3d58b2ace959912f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\SyncEngine.dll

Filesize
9.9MB

MD5
14fdb2a33701eb96426326b7a6cf4aac

SHA1
37610d08cb8cf6f57894e06ca790532f53d2d151

SHA256
591382713ca46aaa0850a51e7a4ea5dbc8320241e80611dd284d32ac67bd56ad

SHA512
48ff5d87dbc131752b364b2d60053bca03367b9c7b14019c4597959ed764343b33eabf9ad089bc84a91085cbdceb08809b2a3a4d96e49b168758a74cca9d6149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\Telemetry.dll

Filesize
892KB

MD5
2f7b8bbc2008f3ff2dfb901d8b9abca5

SHA1
5dd9e0d28f09ff4d7a8d21d4b970643a6c39f8f3

SHA256
f11de3382f68bcb1018fd1f119cd530ee17be7fb9ed6df8e424e201194848a7a

SHA512
2286af860dd01ae91fdadf62f1f01b32e6a09c77b61b75cf24358aff37e0c818378e7f0d5825710b20c23e9d4b70c14e0e68ebf2f0f5de250698bf9a78902254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\UpdateRingSettings.dll

Filesize
513KB

MD5
4d46be7485d89ae1a286b5631ceffe4d

SHA1
c1242148ee5bdbe3f9286a1e4ae8fa68db40c0c3

SHA256
2b7602bbe06b80142243e2d8d37a8828d74d3c005d06fd6fc47561612ce6b6ea

SHA512
be9b1538fa39efe90777229d0e9a94a41f237ae98d2a7e8f5c33de87e029c8d4f06e5d287b52c678532a0b276d4ff3a7942ccf9fdb43ccd62967ba03187f00c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\WebView2Loader.dll

Filesize
108KB

MD5
c18bd18ea7a70fc954bcd5ac2b92f577

SHA1
d76ad59c427903e3db30e49045bed564def8f6ef

SHA256
289cc7d9017472a7506a64e76bd1939ec6994247062bd5b449329e20c67901f8

SHA512
f38636d3562e54fe26a3a4a04e6ec635ae9f176fd532f579190bf9bdee9e27f2d11dafa644bf905230126632c4f4242e7e63522e5872e6b3f4b54d602656a17a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\WnsClientApi.dll

Filesize
720KB

MD5
283d56a7b34829b8ac6efebacf79a699

SHA1
4f38a24dc5e7092c2c0f5a1960d90ba3a74d72fd

SHA256
53c4562a0428f8ee2e23e1f1b74444a0d2f2c8d6b1e567eea23e5a88de10a201

SHA512
0bc49793fc48be0e27606a2972fb8e23e356c77b9bd1c546fb5f5ddb15cfc340ee51ba3b31e7aba895c26f483af25b82776c533cd273c760fd4a67f03b1cb8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\adal.dll

Filesize
1.3MB

MD5
f8b1b047444274c1b73416731f2b22b9

SHA1
d43cfd07a38081198cbf656431564a0ffa3daf95

SHA256
c9966be7befbeedf14b2ffd76412b92bf2d93f836588760a8e17e50db8aacbd3

SHA512
1628eb227d7237967e23521ff617ec706b116bc4e38cff60ce45a2d854146dd1fc1859e3d58c1d7f1e588821a0ddc2aef4eceb9527277c3c1fa30f5368d7e51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\msvcp140.dll

Filesize
427KB

MD5
f3b8af1786fa36eedb02323a0b1a1411

SHA1
027447264bfe6bdc94d824f65178d057b775f2b0

SHA256
9cb03b4936cd195cbc339f727a3f21108fb0016656f30442ae3b89850d86f673

SHA512
125eaccd74dad8786fe871efa2be226265b35984978b8427297f10f703756cf5af2b48242dbbfbe9a854e8fca55f0198ddaa7b1355ef98935ec806e707988afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\msvcp140_atomic_wait.dll

Filesize
52KB

MD5
9804c091e87042aa32429d1010d94b67

SHA1
15ca476ce006d5dc3a105bb544aa5fad7f4280dc

SHA256
c4caec5237faf802c3727965b73c99cba78f626cf73090378684c6c66c4e4016

SHA512
d8591c097874261a55271986e0a920a01f95a4a91f9ed5b7dcc773d91f56bb70b059db3dd4a00687ef6145e2a844f3da73e0419af566efd165b5b9ccde4a14c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\pa-Arab-PK\localizable.json

Filesize
4B

MD5
c443b04d0fc26b0a5a4573a78e0082a1

SHA1
3c957535345645dce7190b85eb10b39da96b2518

SHA256
e3566b3a06430868d71e9287dfd6c6c520a3da027aabea01951d407ee131dc2f

SHA512
7bbf6dac485c9e59d02edabc91ff5b15bc1319cef6905c0077ee16e3b1f572b61bff85f2400bc0f5b4aeab0260bd5d68787d72c7a688d79192952f7957a44de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\ucrtbase.dll

Filesize
1.1MB

MD5
b51427633fe201dca91a4667f8e93727

SHA1
a31cf3967cd6902ee4685890fdd9857e32198e27

SHA256
49d99cf727e413bc3dc4b4f1ae64b3067f5b61806fd9cb283ba90e87aff9ee4d

SHA512
90fe8bc116fc8c40a197d96f0e019451309fbaade39a724e1242db43f827f24d1fbadb6b3260e614aab065d72947cc29f4ecfd8bb589868e3cd8db69288bbc75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\24.161.0811.0001\vcruntime140.dll

Filesize
78KB

MD5
198cad6893a9cd38edfe94264f8062bb

SHA1
3de831edfbfc6edcb41a479ff6f86e49d75a8ddb

SHA256
0a7c667ac72d5367cf70ae5676e9f9c4ce3d5de204676bdb2489eb3971549a24

SHA512
d8f97b8a198942f0a9e41e01ae9a46828041a282aa7a9131bf34cbecfb639dbcbb25a3d601d98bf9269e898347e8c6fd09356e7493e05310c280d5987b84f8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\ListSync\Business1\settings\Microsoft.ListSync.Settings.db

Filesize
16KB

MD5
0130cad03d5c4c60fb6dc0de22a45299

SHA1
3ebbea2c5a73d85aab43d22d24c11be0b67a8a30

SHA256
d38575e23552206e737d95a9d84c15fc0c8558f2ea4365a4e2903ae81cc5e59f

SHA512
a5d09d5d89a29cd3b8bc49c53da0391a0cadac6683a8726ca359984cec9ab9788702faaff298790747e9930a357a5133c523b73b8bbb0ce32f6802d6e6b5562a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\ListSync\Business1\settings\Microsoft.ListSync.Settings.db

Filesize
16KB

MD5
2a8e09d538d1672bc71b9c54ca3e9dd3

SHA1
4e4fcdd4eeba73975035a61296d20b4e331ed578

SHA256
904bab35cf9efee8824fde5a00e049a79ed02d72875a9bb0ee54c067ceaab83b

SHA512
61c337e135806fcd2bae3457d1af315b9afe00a057b97077edc248d5982f397e3b66557378709361c9c412948c89b2d80bb15bc13bb946bd4ed83fa803457f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

Filesize
81KB

MD5
d1d5db2960fce53261765962d95d7558

SHA1
d1fb7e6e4a5a0fa7af01b8206f7c13cd6a317370

SHA256
5924793a8f6dd5dea080daa316e248306ddc1b4cab64b8559486be5fb99d3486

SHA512
56a13be8013e62cb9cbcc7782dc28787f82bea9163a341af18482266f29cb882e1a02145f79ece65fa8f2264924c42155da48c90a42ff8b3fb405a5ea69b1d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres

Filesize
2KB

MD5
8cba5283c3da7128e34d1174d91d248d

SHA1
be91ed1e241a1da00fae267b61624d14f8e3022a

SHA256
6246228e1749cbf8ee403fa8b8275e7ef0993d972be5daa3884fe7419c06fc16

SHA512
bb0aa2b7007f8da82e76d4f1496a3b43d85df586b5b53c0ece913bc4e05a30a392439dfd61709abe3a8e49bef43f380f90982ff61081818db471896c62335c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\4e7a3602a6530194fc2a9d803f78656054f42b7e.tbres

Filesize
2KB

MD5
33237bd2ab4afa00c290d2524819b8e7

SHA1
8194ca3a4aa3033abb51d8eed58804bdc6033614

SHA256
0fede640c262f5851623ae999bf78316b3c7d9bf9bb9f718533723e1099655c8

SHA512
ed1bdd02d664ff422288bc6200532d923af104f26c936409aeff32b572437a5136240058710d23f43d802462a585d57841d5f5f570582cfdb2e1d211121a2d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\78c091ac6d34daa9d603629dd088840de549030f.tbres

Filesize
2KB

MD5
1635513113d225c33e52e551a03e2e4c

SHA1
15141bd665972ea1f32939001516e5d20cfb02c8

SHA256
dba3f2b23d902f6dae4b37ad69d1524711ce6ae6d4865265a149bc8e134290a4

SHA512
ebc2e640438c81f0c46d2a3777db0433fa519ee387facaa24df71e36765c50bc35d41b3229bd7a58671e6ff6dd0317660a64e59818ca889f49869f43d4bbd63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KQ3665LB\26cd1b04339a18197427087fe7a87fe7d1d2db62[1].xml

Filesize
1KB

MD5
deaced675b91816dd28892ef57f8d023

SHA1
68c3fb5bb49b750732f2b134da3d204cc4b7b577

SHA256
d023ecf82f20455fd4c12d4ae16e02b9765bc4c27fd6930f33bfd4bacb701079

SHA512
c50accf5815524d19292d6a1941394327316f7e6f2d187c077771b523f865f973fee54336bd9e66f19fa12a6f37fd4bb47e33877d58622712726fa937d792042

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctEA41.tmp

Filesize
475B

MD5
b3261dc73bed7177a3a6cddbca3d8968

SHA1
abbaba3e770e9dc5c6c322f3df32cfb08355bfe8

SHA256
760a0af477ac49ae08c3af10149e2b263e88ca68986e29e73b61c45379abd932

SHA512
2859aa785a66f989613990cd11abd7951748b14da592f3f0fe36fad8bb6a57caa87e38b50481c445eef8945a629152f75abf8992aef5d8e8601cff306d9150a6

Download Submit
memory/1772-1568-0x0000000000F70000-0x0000000000FA5000-memory.dmp

Filesize
212KB

Download
memory/1772-1569-0x00000000691E0000-0x0000000069405000-memory.dmp

Filesize
2.1MB

Download
memory/1772-1587-0x00000000691E0000-0x0000000069405000-memory.dmp

Filesize
2.1MB

Download