a222bdf089f24ea1da86f7a6a6335acff90fc329ee9e0f7a21003fa42624869e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SkyDriveSetup.exe
Size

4.9MB
MD5

6961f3aec7f861c65091b8fb35086561
SHA1

e3b0fb8d929898ad342002afa28cc265194efe90
SHA256

cc9d7f28a00c0782658cfa90cfa69baebbb056d1838011f30782d2e96e2979fb
SHA512

e0fb908d916647e0297e272ec1428f6b70e4538bfdc2e8a99f45308e3d73165661a0bc3ef1425e6e8ad3da3e321bea9f5a4e10dc4434aeb4d0addf34027464bb
SSDEEP

98304:2qfhtV37w74C0CJmzevREdhOXQTFB74unJSqqgw3LFkkEGr3ra:JfXVrw7RRE2gTgunJSYw3LiWra

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 2 IoCs

pid	Process
1964	SkyDriveConfig.exe
1740	SkyDrive.exe

Loads dropped DLL 20 IoCs

pid	Process
2828	SkyDriveSetup.exe
2828	SkyDriveSetup.exe
2828	SkyDriveSetup.exe
1964	SkyDriveConfig.exe
1964	SkyDriveConfig.exe
1964	SkyDriveConfig.exe
1964	SkyDriveConfig.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe
1740	SkyDrive.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\SkyDrive\desktop.ini	SkyDriveConfig.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkyDrive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkyDriveSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkyDriveSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkyDriveSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkyDriveConfig.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SkyDrive.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SkyDrive.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	SkyDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	SkyDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	SkyDrive.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\TypeLib\Version = "1.0"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\ = "IFileInformationProvider"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{3FE4C99C-5BB6-4F0E-9CC2-83F6A6C5A8CE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\ = "IFileUploadCallback"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0\HELPDIR	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\VersionIndependentProgID	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\TypeLib	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\ = "SyncFileInformationProvider Class"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{76EECC6C-1042-4272-9468-9DF02AFB0A2D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib\Version = "1.0"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\ = "IDeleteLibraryCallback"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\ProgID	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\ = "ErrorOverlayHandler Class"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{737E1B53-81D2-458A-9078-DF02C0284F39}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ = "IContentProvider"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\TypeLib\ = "{A195846E-1536-4ACD-A720-9DB32D3AD239}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\TypeLib	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ = "ISyncEngineEvents"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\ = "ISyncChangesCallback"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TypeLib	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\ProxyStubClsid32	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib\Version = "1.0"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\TypeLib\{A195846E-1536-4ACD-A720-9DB32D3AD239}\1.0\0	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\ProxyStubClsid32	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\VersionIndependentProgID	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{72C88F85-FE66-4E49-BA23-8E850D607D06}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\ = "UpToDateOverlayHandler Class"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\SyncEngineCOMServer.SyncEngineCOMServer.1\CLSID	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\Version\ = "1.0"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.4111.0525\\amd64\\SkyDriveShell64.dll"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.4111.0525"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\TypeLib	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib\Version = "1.0"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\ProxyStubClsid32	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\VersionIndependentProgID\ = "SyncEngineCOMServer.SyncEngineCOMServer"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TypeLib\Version = "1.0"	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}	SkyDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Wow6432Node\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{6654AEDF-BBC3-48F9-B4F7-BD27ACF96A97}\ = "IErrorOverlayHandler"	SkyDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\Interface\{3FE4C99C-5BB6-4F0E-9CC2-83F6A6C5A8CE}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	SkyDriveSetup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	SkyDrive.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	SkyDrive.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2828	SkyDriveSetup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2192	SkyDriveSetup.exe
Token: SeIncreaseQuotaPrivilege	2828	SkyDriveSetup.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1740	SkyDrive.exe
1740	SkyDrive.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1740	SkyDrive.exe
1740	SkyDrive.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1740	SkyDrive.exe
1740	SkyDrive.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2192 wrote to memory of 2780	2192	SkyDriveSetup.exe	30
PID 2828 wrote to memory of 1964	2828	SkyDriveSetup.exe	32
PID 2828 wrote to memory of 1964	2828	SkyDriveSetup.exe	32
PID 2828 wrote to memory of 1964	2828	SkyDriveSetup.exe	32
PID 2828 wrote to memory of 1964	2828	SkyDriveSetup.exe	32

C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe" C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe /permachine /silent /childprocess /cusid:S-1-5-21-3063565911-2056067323-3330884624-1000
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2780
- C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe
  C:\Users\Admin\AppData\Local\Temp\SkyDriveSetup.exe /peruser /childprocess
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveConfig.exe
    "C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveConfig.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops desktop.ini file(s)
    - System Location Discovery: System Language Discovery
    PID:1964
- - C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    "C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Modifies system certificate store
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3738a46712623c6ddd0a8dab470fa27

SHA1
b65914c2b4b000ad464859d510aca3fd37f5ad20

SHA256
267cf817f247e7c399e7bc0ee5ca54bce3c88885f046da7e0f177a4c3ddba347

SHA512
2c23395a185ea3f28edcc4109c59da3a4bb0e9f6d95d5b0abb9218bb72ad95a30d3b2361f3429586c42b92c550c9593ddcebf813426cb12796301670cd247087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82623dfc9d1185c2dd094a788f25a6f2

SHA1
be1f0edcb23f6dfd26cf602f9227e12ad273798a

SHA256
a200cf199da30e242e13c0b58c4bc0c27fa8ef638812bb0cfb8b6197b8b8211b

SHA512
a5641a7209863bf31c76d578420633a5c647b4075bcff988d264d366ba06c45b2b269b31abd8d9baff1368b46952c69e854542c5b9a6ddee4fbb38647ffd865d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14e7b2786d76acc3be4b47fa18b7653d

SHA1
2fcb721d03ee5d2cb07b5766893d79fa06a6fa95

SHA256
ba0614a1b7c584630fcfa409001e7fc6a2ff21637f191887b686755cf1a18cae

SHA512
2bac96374572f18335d2cddc91a4c8c494655e9626bc1ec7f6cfae162367001dd49025df0462b6e148426a06d83543ea8f79061ec2d239600b2684c775cc7a01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd26a78c08c760b3134735de58401b11

SHA1
c12931d8a896c0b794246d70a0a746599363f21b

SHA256
5c6e15489cda149a8e2965d53e10b80c5c4c038e81749c0773c447e880578d0a

SHA512
86453d7f25d6ff83729d74113bcbc61c5527a9b0b925ea93bdb40867669227088cba5907894ff2e0509f870ab1e2a14bfabb039c3d7960beab8bb9aea736ad03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdc4617b2751a31bcfb1a737b029ee24

SHA1
d21dcb98d36bc5d2713190c0d1f14fadacfda9c0

SHA256
0c35d2d6a9198a7315e14e5ddd1dcb3e8a0bdb8651be9053cfe9212a3055c8b1

SHA512
709cb8943307eecf997a0558a5e0c0a8016c3984b2c2b0c89807f23bbff637dfb31c9e8446b1cb45e7dbd42d910027bf74b72cc3c41423251b7a2260fd20cefb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a81ee1c7a322ed42237857f0c97376f

SHA1
9c3954849aafbc9979f55e8e346897222ecd1e65

SHA256
374b30e15d7a2662a39b77fe1e31bb8e4a954b4bbed588d3a4a201357be95241

SHA512
749b63401326442e67ec6633dc14510bdf29f0465f087d775a33908779c01bdbcd81019c91c4c206e14fe5ab0208a0ff9b24a5f72f55a276cb485a6f9f5c688c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
254a3905ce359f847a536fb930b4282a

SHA1
cae00a8758252bda6519c184e21820e3ac1784e8

SHA256
c4417a8a618e3ca3f9544b743cd2f0e35ef775af9832a690fec25c6a76b626f7

SHA512
7b93fd17b4b7ee74516a7bc29f3c2286598d3c99bb4023030ecfa52d3f91f3dc57c3979d11522adcf60dbaeb219b5725a6346467fce2c1d9c9454dbb3eb9be0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76812053741f1e170fab414b3e5d5dcd

SHA1
60a2066059780fd76a2a87c5b501bb7770b58fba

SHA256
fd7298153cc3f95ab42d25512f807891f0a37dde5a4622fc58bdd42b62661b21

SHA512
c686b2c0e07f3811f6dd4a906fa071a9fb95461af101371afca5abe19e1104fb338c4a92816eae9058d4b96ad183aed73e94e0d70d60fd8dae5c732a619454a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bec701dd53294f17aed2bdb67fc529aa

SHA1
0686c1c40fbd0040bd1cace3f4f4983801a05139

SHA256
9ee18192ca49fdbb197320c9de397e99f0b82e9d87adca73a6fe522257897b4c

SHA512
dec0a2b13afb33cbf7e03bc10fea46daf03321a2d0cb7da1695a677dfde46593ac42a5ae5dd7b6004980402620af57ab3c6d85738c0c03c77aa278b44fa96824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e23a14f1d6bcdb86a09f93b7d235abc4

SHA1
4801ccaa7e8558baa6ec93c21b6e3a698a973c32

SHA256
41e6d551aa1dc05b079130900f677f31224abc97963b5755eda50c6fa0856199

SHA512
d39d7934a584ecc3d4103c0d13f1721a8847564502d0f1d9e4d2181850f5e04934f170c1bd99edafbe46a8b0dc1e346efa21542e0ce204b467c830905b81e0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\MSVCP110.dll

Filesize
486KB

MD5
ca8caf812a9c267599f1ce883f16550f

SHA1
1fad05ba938095aa21aaeaa89fb7ef7ac378209f

SHA256
0b7347d9a5900c9d06335abeee9f14fbe01dce01d82c2a6a7f803401ca32a09c

SHA512
cf0c5bfa75c07fa4db909fabad5ce24e91011cb0487c5c02e8428b41dc3bc955dc2562c51a362c47c0d4821c3e7378a80f9cbee381df12e487252cd19d388c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\MSVCR110.dll

Filesize
838KB

MD5
3b271a85ee735442eb34a0526862acdb

SHA1
1c041547955f207137432dd5ae8b58a50ac90ee7

SHA256
8b9d8f5194ed37ec144bc6f1292687bac4e87c4e00c42d5a9accb5f77e571575

SHA512
897e222479e5f9fba4f68e59d2656605862a0323f1160a54dedfcc7fef5d950928ccd3cf96429ec11fd57e89fe21ac93cd64603efa4c6b0c5533f5d406b3ed42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\RemoteAccess.dll

Filesize
885KB

MD5
606228a21d8ff8350feb26a5e2b106b0

SHA1
b96329cc3cffbed8cdbac69ae8ad65902ff2b1f2

SHA256
666eec7449ea081f967462b105b460327ffffd96609c26c60c6b5033b802eaa9

SHA512
564841f2df6dc3ede506224c15804cf69741ce5ba8daf2bbfdb50f0bbc25594ba93597de85fac186b17ed21ad1c15219dd6c9c12bed1308528a0b0a1000aa475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDrive.LocalizedResources.dll

Filesize
28KB

MD5
06bb2a6d881371d2ed1c603d2b1e48e5

SHA1
6493f64fedd2fa5a712377535dcc096a75b99f64

SHA256
9bd2bcb6b0c55a3cc87945e867a8ba0b0c5c30f7811c951246446642fa415fdf

SHA512
2175b064b896f8a6a075f3f7fd12ef1a1a5859f6336c89d10ee471d495c6251371b6a027bd98e9c7337281490f62bd580b78d9fd15833291b0b8fade8f5c1fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDrive.Resources.dll

Filesize
427KB

MD5
2d8360363b8f6fdcca299d2c22dca771

SHA1
744fe047f366e98f078fc9bc84c3c276ddec5c75

SHA256
fd3f29babc567fe239cfadf14170ddb0f31f1735123ebfee267a7aa0132477e9

SHA512
08d2f7d5d4ab8e4f1bb39f5a74aa4a6613cd4f030b2443522022b5c735deb689f14f3fa2e93dce4eff6b0e3853f0264b3c0d3ddb23bf89688c547ddcb2520e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDrive.exe

Filesize
289KB

MD5
4f7c80e5a420e47b584055eb1ac61562

SHA1
f54a90b305dbcf051c8fccd572bd7a4ec2539414

SHA256
03a7569d09f443e19074d8f8e7fd34dd386d95421c1ff82925540a403b0c45da

SHA512
913aa669b299dccc9add2bf1244cc950b5b0d331f5a7a493f49c43c0be24709543cb64d9abe49e83328cd99d96c1ce410fc0d680d2d243142d735c01faba59aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveSessions.dll

Filesize
1.9MB

MD5
d7efb91b4c82161855e72be5b344e5e7

SHA1
deb88b421b147d2181616b3e704536499d2b038c

SHA256
1ebb38890123790c3375c9990474ba81da2b68e90f61fd2c8f4356a1d3782321

SHA512
12a21cb2af0f6a8b90dcd6349aeb54ff36ea69119dc037a85c16a522ebb9dac0c4592308acf8832df4a4ac1bfb25f8d585ff75bf9dc5ab25fe79dd71e54fe934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SqmWrapper.dll

Filesize
39KB

MD5
462ee1e45428317bb2b52445742012c9

SHA1
3ca3c44963eaad900b467a27879085f5db7f20fa

SHA256
1840e21bc882f7b3c9da3211f4bd69e56a1d9b360660723ddb553ceb227d6dda

SHA512
773a9f0db154a040850fbf9fd7699b76a013af757b10df52dc7bb9bff6a5ca75c866296a7854479cb2689d8d11c9678383a4d0b604942667a423120458b5d6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SyncEngine.DLL

Filesize
1.9MB

MD5
8a36fb420dc8c1d9a41bc803ab06e273

SHA1
ca0423ac0d4a3380ec9b844ad69421bc07431518

SHA256
98e6897e79adc2faac4aef576a320636087e1b80f28960a97642d64faaac3468

SHA512
ddc7b5fd3c03398dcd514a5d1eb1ec65f14deef1c545f522ebd16fcd482e306fdb67c88d19d4029e2b9dc7ba6644a3ae77a6e2c2e58ee1dd3016bcc8f23c3108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\Telemetry.dll

Filesize
511KB

MD5
24cda4e1d91100810cf0d42f8d8c6534

SHA1
2a1268c85814eb4f87b5805dc3eee3c75129dfe9

SHA256
9c47367bf8fef455b252bc83e19020eb41372271942f840221e4e49d90b1e13d

SHA512
389c8bfe3d22f2816d7edf22247eeb9065f73333100e570803202cba0b6e329871fe015ac992d52e25e04b944e86a3e57435d337d862992c67cbb35439c3dc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\WnsClientApi.dll

Filesize
475KB

MD5
3c5dae00549cb0c864a1a2a2495f31dd

SHA1
8c4e99a300a1c82ca55e32b59fd751b7572229aa

SHA256
2cf8de735b2e4257ff0460f94d3455dd284350a9cfdc7689aff793403c4146a8

SHA512
d7bdabfbf2b044ce2907deec97e4c5255d5454c3769b69a09724613ab089440d73b2d01e87831a9de48014c345b59dfaa6e5547c92d6dbedd6f3a2d564a12d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\en\SkyDrive.LocalizedResources.dll.mui

Filesize
28KB

MD5
eb5816e700351887eb38b60f13147952

SHA1
0adb402d5524a1ab7cd57b75ae2c062ff93bda4b

SHA256
07eda6d034cecbdb55cb0a47a4368ac11d5e4cea56f4c6d96720a85afa5dfea1

SHA512
474928f869f409480ba4b028a369f780033959dccb4d5ed7a7efa49a70add599d68093a3173ef6e6092a4cb78592d2356d4908d32b1be7e101e505836477dc84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\sqmapi.dll

Filesize
191KB

MD5
d475bbd6fef8db2dde0da7ccfd2c9042

SHA1
80887bdb64335762a3b1d78f7365c4ee9cfaeab5

SHA256
8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599

SHA512
f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9AFA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9B0C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7993.tmp

Filesize
4.0MB

MD5
77adb580cb498135d0a82cb549188b63

SHA1
3f34333dee14db56ef9e26b068aa910098942f4d

SHA256
bbef38f8e366fbe02d5e32a221dcec0aed2507a7b69c7bd862aa11c1cc754e49

SHA512
8c71d984e7efd06aeac65e35e7ee9ac5f6373b8be56447fe88e328ae84a301d74f7d2231efc9ca22801dfed29747ae69ffdc86f8d02aee019a9b0718cbc408d1

Download Submit
C:\Users\Admin\SkyDrive\desktop.ini

Filesize
96B

MD5
6b5a8d85f341857daef9d7e22fca7070

SHA1
e5f57f966bb2a42af24c0075757e16df4c6c6a3a

SHA256
783d72de685889ee953c109f7b82c92a5e8484c18fa65766513b9b805436ad7a

SHA512
3ecfaea6e48158fc6ebfc4f6d8903d5bdda646a2cf39d300fbb82deead41932146765ade9ebbd6f12ef9f49f519f31409e3020312b55efea0312f9b680d00be3

Download Submit
\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveClient.dll

Filesize
892KB

MD5
d1b88551772c865d673a9e133f3f2bf3

SHA1
f3a1bf1c52bc956393367596059a53e73cb1c6ef

SHA256
d78959317fbdd26f39e9b7f716a261c1913aaeb674b030aab88a04faa43732ca

SHA512
a6f310211c7e3474148cd448e375c20b847a63f0f2627438b165b0e0b570dbcd2d72612182f6de6a68973bec655f8259e79e0cf84070ff05447668aeeccda540

Download Submit
\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveConfig.exe

Filesize
64KB

MD5
18c8c55eb81f2ed8111dbcf5f404e991

SHA1
2e98030db805513f25f2cc735d4a3c2cd0e3ee08

SHA256
07b12c599f712e28cac3394ecfeb5c3490334be181a0d30019687a8b626023b9

SHA512
bd196777879778b67235bdeae4ce6bcb0522f9aebf90ca5808d05f65340ee6355ac8f88d12a7ca3d41955b34abcae4a34b128f4987fe7519aeafe8429c7d8725

Download Submit
\Users\Admin\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\logging.dll

Filesize
29KB

MD5
7ad6181041e79f86c982ad8998c1cccf

SHA1
cb3cb2cbedfae2062994970ee2cbe9bf52c1e439

SHA256
3a13368ac6c2028a75edb650097f4e573f052c4b32dbfaab7e906ac815aa0586

SHA512
a2a50fb65d742b97459be1f5f1f2125ed63c39653a6e6943280ab7188897755841d7df050884378959cbaa74cf0666b86d105dd21718f72e617dd6738596bdf2

Download Submit