Malware Analysis Report

2024-12-07 15:14

Sample ID 241113-ysyycs1rbl
Target https://gofile.io/d/xXLSGv
Tags: discovery evasion execution persistence privilege_escalation upx
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

Threat Level: Likely malicious

The file https://gofile.io/d/xXLSGv was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence privilege_escalation upx

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Sets file to hidden

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks computer location settings

Modifies system executable filetype association

Adds Run key to start application

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

UPX packed file

Checks system information in the registry

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Views/modifies file attributes

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Checks processor information in registry

Modifies Internet Explorer settings

Delays execution with timeout.exe

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-13 20:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-13 20:03
Reported: 2024-11-13 20:10
Platform: win10v2004-20241007-en
Max time kernel: 373s
Max time network: 364s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/xXLSGv

Signatures

Enumerates VirtualBox DLL files

Description | Indicator | Process | Target
File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\System\System.exe | N/A
File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\System\System.exe | N/A
File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\System\System.exe | N/A
File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe | N/A
File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe | N/A
File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\System\System.exe | N/A

Command and Scripting Interpreter: PowerShell

Tags: execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (3 identical entries)

Downloads MZ/PE file

Sets file to hidden

Tags: evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\attrib.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Desktop.scr | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A

Event Triggered Execution: Component Object Model Hijacking

Tags: persistence privilege_escalation

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe | N/A (64 identical entries)

Modifies system executable filetype association

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A

Adds Run key to start application

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemS = "C:\\Users\\Admin\\System\\System.exe" | C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A

Checks installed software on the system

Tags: discovery

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A (18 identical entries)

Checks system information in the registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A

UPX packed file

Tags: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (64 identical entries; no indicator or process details recorded)

Browser Information Discovery

Tags: discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tags: discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A

Delays execution with timeout.exe

Tags: evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\timeout.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Kills process with taskkill

Tags: evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\taskkill.exe | N/A (2 identical entries)

Modifies Internet Explorer settings

Tags: adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760018551989249" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ = "ILaunchUXInterface" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\ContextMenuOptIn | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\TypeLib\{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\20.084.0426.0007" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\FileSyncClient.FileSyncClient\CLSID\ = "{7B37E4E2-C62F-4914-9620-8FB5062718CC}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\Programmable | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\BannerNotificationHandler.BannerNotificationHandler\CurVer\ = "BannerNotificationHandler.AutoBannerNotificationHandlerPlayHandler.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\WOW6432NODE\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\PROGID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\BannerNotificationHandler.BannerNotificationHandler.1\ = "BannerNotificationHandler Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\ = "UpToDateCloudOverlayHandler Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\WOW6432NODE\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\VERSIONINDEPENDENTPROGID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\Programmable | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\FileSyncClient.FileSyncClient\CLSID\ = "{7B37E4E2-C62F-4914-9620-8FB5062718CC}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\INTERFACE\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\PROXYSTUBCLSID32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\ProgID\ = "FileSyncClient.AutoPlayHandler.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\ = "ISyncEngineHoldFile" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\INTERFACE\{9D613F8A-B30E-4938-8490-CB5677701EBF}\PROXYSTUBCLSID32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy\CLSID\ = "{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\TypeLib\{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}\1.0\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_CLASSES\SYNCENGINESTORAGEPROVIDERHANDLERPROXY.SYNCENGINESTORAGEPROVIDERHANDLERPROXY\CURVER | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\WOW6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\CurVer\ = "SyncEngineFileInfoProvider.SyncEngineFileInfoProvider.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ = "ISetSelectiveSyncInformationCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\System\System.exe N/A
N/A N/A C:\Users\Admin\System\System.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1524 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 1520 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 1520 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1524 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/xXLSGv

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbbcbbcc40,0x7ffbbcbbcc4c,0x7ffbbcbbcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2032 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4944,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3764,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8

C:\Users\Admin\Downloads\Desktop.scr

"C:\Users\Admin\Downloads\Desktop.scr" /S

C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\FreeNitro2024.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x468 0x150

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\System\""

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\System\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\System\System.exe

"System.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "FreeNitro2024.exe"

C:\Users\Admin\System\System.exe

"System.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\System\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\System\ss.png"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4752,i,7422438210819790956,3573104414599933892,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start "" "C:/Users/Admin/System/System.exe""

C:\Users\Admin\System\System.exe

"C:/Users/Admin/System/System.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del ss.png"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\System\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\System\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\implode.bat

C:\Windows\system32\attrib.exe

attrib -s -h "C:\Users\Admin\System"

C:\Windows\system32\taskkill.exe

taskkill /f /im "System.exe"

C:\Windows\system32\timeout.exe

timeout /t 3 /nobreak

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /enableExtractCabV2

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_1524_HCHXHNLKSQMPGALY
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\_MEI36402\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\python311.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI36402\python3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI36402\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI36402\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-multibyte-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-util-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-memory-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-interlocked-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-handle-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-debug-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-datetime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI36402\api-ms-win-core-console-l1-1-0.dll

memory/4236-1540-0x00007FFBA8AB0000-0x00007FFBA8AD9000-memory.dmp

memory/4236-1543-0x00007FFBA8830000-0x00007FFBA883C000-memory.dmp

memory/4236-1542-0x00007FFBA8A70000-0x00007FFBA8A9E000-memory.dmp

memory/4236-1545-0x00007FFBA8820000-0x00007FFBA882D000-memory.dmp

memory/4236-1544-0x00007FFBA8A40000-0x00007FFBA8A63000-memory.dmp

memory/4236-1548-0x00007FFBA8800000-0x00007FFBA880C000-memory.dmp

memory/4236-1549-0x00007FFBA87F0000-0x00007FFBA87FB000-memory.dmp

memory/4236-1547-0x00007FFBA8810000-0x00007FFBA881E000-memory.dmp

memory/4236-1546-0x00007FFBA88C0000-0x00007FFBA8A33000-memory.dmp

memory/4236-1554-0x00007FFBA8790000-0x00007FFBA87A2000-memory.dmp

memory/4236-1556-0x00007FFBA8870000-0x00007FFBA887C000-memory.dmp

memory/4236-1555-0x00007FFBA8780000-0x00007FFBA878C000-memory.dmp

memory/4236-1553-0x00007FFBA87B0000-0x00007FFBA87BD000-memory.dmp

memory/4236-1552-0x00007FFBA87C0000-0x00007FFBA87CB000-memory.dmp

memory/4236-1551-0x00007FFBA87D0000-0x00007FFBA87DC000-memory.dmp

memory/4236-1550-0x00007FFBA87E0000-0x00007FFBA87EB000-memory.dmp

memory/4236-1557-0x00007FFBA8860000-0x00007FFBA886B000-memory.dmp

memory/4236-1558-0x00007FFBA8740000-0x00007FFBA8775000-memory.dmp

memory/4236-1559-0x00007FFBA8680000-0x00007FFBA873C000-memory.dmp

memory/4236-1560-0x00007FFBA8650000-0x00007FFBA867B000-memory.dmp

memory/4236-1561-0x00007FFBA8400000-0x00007FFBA8649000-memory.dmp

memory/4236-1562-0x00007FFBA8820000-0x00007FFBA882D000-memory.dmp

memory/4236-1563-0x00007FFBA7C70000-0x00007FFBA83FA000-memory.dmp

memory/4236-1564-0x00007FFBA7C10000-0x00007FFBA7C65000-memory.dmp

memory/4236-1565-0x00007FFBA7930000-0x00007FFBA7C0F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lj10gfzh.dp3.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\_MEI24122\cryptography-43.0.3.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3555360f2262f4d980285241f0fcabd7
SHA1 1c609d111691fb8a9d593ced67e505b953be8f48
SHA256 1fc153816a1b8c70f403e124f4a1077d35f2d4413da7ad5f2f5309efcb244e64
SHA512 1591b53fc6b9086dccc92766f926c13ac13beb3f89dafc53ef305f369886e9b46d47d7da8ee8b19853e6220494dd59cc0480663df71a95eb0e0b492e61acf4d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d72c8f1d5e4a4a60fd56ba1db2ddae04
SHA1 6be6ab29843d4efa0ef07db39748e562ab640d76
SHA256 2ab28b1ad7edf2a2d0f51b6ca88f9fc5be1a7e3789ba2ef4e400b2223ec74203
SHA512 aa3dceb9d3363e1401e5e96699ed39ac067981b57398671add51b2ba09141f8e351d8910439b22e0452a8131e4741d2d0a30c05ba15fc97aabbb29d965d419b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e3aa653f32fa239a3e53de7ff77cae3
SHA1 fc3db3ebdfb8e9b5fce1f06afe656ccf2911f245
SHA256 defc772adcbd3cda00f4ef19cfcd98b674c3806c0c1b22bb2d2bff1da663d1c4
SHA512 7191f1a056a35a65623cd0dae1c67c6bbef0fc753f727d5e32d20039769c3b1e9104931da7aba5ae5b095aa02300b0955d3d188bc235439dea93d682dd0b1854

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5b26f1e7bf4d16319f2fcae515589860
SHA1 ccf81a03f453219e4bdcc5308c2b2fa6b925981e
SHA256 50d16be58f1aba6eda4eb461ee2a9dab9384bda2e05f3aad160cb723651a4767
SHA512 98806d39ac40bcbb6327cc34a8db40a80995077f009fd69bc0227cadea42987b2d993bf86df9e94f870949bb8551918a7cda21d5f7226f5bdab911b64803dabe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 301f1227d41e677c84049578b114e2a3
SHA1 41532161ab242e93bb05bde34457218f3f261ee9
SHA256 ddd79e39ee5a4aa3ea884e987abc239ed793b29e074ca900e4ff45785eb234fa
SHA512 d3661d8f84189935d4cc92d960ed37a60f37345c6a7502f34bd1022829edfe015a30f60b3101bba3e5fcd777e9bed290e920b6b2e0e2f86f96d62d6e4d83d3d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 042321bf216c6bb47799daec43f319ca
SHA1 4f1d768bdf91e15aec0fc844098d37bb09327393
SHA256 09f1a6945aeed77a50424160655c04be71646dbf14b8b04a153103f31a53e661
SHA512 f6bf352a31efdf7d5ab326406935ad45bc191a7aed3ec643173067ace0654407ca2f1640a20ec8101a0d05b77900933ef250d2ca738bcb3d06105f334dc3298f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c784bb9e2776b8ecc3eba2f136a432d3
SHA1 bd0cc7d67179502535c8ab927bb7678a9a515dfb
SHA256 2cc6bb47cde5c0ca91f7a1f582c192f2ba38df02957c2777a237cdbe10a0fb87
SHA512 2d20bf52a22e2002d2f6c9db910dd2f366631a00a58bf77162f9ae91bdb1bfb220069eb41de42f6e0f41ceb0aa991a25f6cc7b405b51083c4c4c2c1f4b0f30a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 01a876c03c0b2f56c1a4fff78f0d62f1
SHA1 57bcd3687f56f41d59cd535dd3f48468ba027c96
SHA256 a192ba8197d181e10a5fa7f7a6ac21137050d53f0aac20146530f728b5b493fa
SHA512 00f8c6516bc093c9241ae69ccbbe53a8c04912dcce2b252f41abf70a79ad4357de3a5c10cd1da7c65dc66e53e8d285bf7859650dba1545876160d7d46e6fd45f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7abe0ef31d416d523423a720d1588f1f
SHA1 ea4dbb28a9d8b8d3bc8fa95eb7893a29f54014cc
SHA256 55725c65f9feca0a6c9e1c7b700ab7fc765b67f61d67fe58812f24e61f72807a
SHA512 0f0fd65702d7795137269e859e5481387e15bf48f7c5e3f87fa11efc3c7127a96d36dfc3f9b993790273d2664ed5b86dc34f039b6aa3a03998e646ade3754687

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 10d54c8dbdde1b96c3aa67365d1b0ccc
SHA1 b00ee747398bec2295fc2f55fd6deebfab37568f
SHA256 a3192eba6c6f4ceb9e0184a793732271ec04856f1347b53cc699b1c275c3f629
SHA512 bd64e257ff216e9ebf9b98672e12d9e045c16a4f17b7942b9c8e717ba05e406b0dc00aeb39001f315db8ae28b4c2d2d9e2d7ffda5c13c20580b4666be8611c37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c3689cf6f72173f6bc82faaf922dd4f
SHA1 5af5614f6f2a0f80d01e189e379ae6ae9d4bca31
SHA256 3d247874028cf8d9ea34ea8ad3bdb3cc7ceb50222bdb0f05408fb2eff14b3336
SHA512 4c684deebd62e39fc8dbf0a9aefb08ecf8081a7aa44010b93d692e9ae5ab37a487d95b2e7ca377c23ee5b4d2767ea0c9b0e4c0e7ebbdf3fd8f800bbb78b3c8d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9a927122445b57abd25db77e85cf078
SHA1 10ddc88d610ed1feea25e171a28d4e1cbb6f92f1
SHA256 dd96131172f0cc38f3a092121184280357d030249d23aa3777b8cbbff31358c7
SHA512 598a220f17ab12a643d97a368bc5d61b34163d1bf84c992ad457df50c2a729ac3d9093381c52d42dd18411af4afdfd63fcd343538457988d0cbb7589efaab8de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee8edd7d9413bcff12bf9f4c54837fdf
SHA1 c6f32033d1d5dfae5b3d40ec932c5024d6016988
SHA256 55aeb72dd29ffa8bb8047fb058f04106ddda5b84d2a09b8507a6614f49ed6e83
SHA512 2919f261eda7812607ea9a3505b7830707af49e6357089e6d1a5e50480dae716f7d8a486a9a0469c7ec5187736440d3bef445c6e309fcea29fe0301829d25b37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5a74501512c5ea33c5ab5600595a5f93
SHA1 df254ec49e0c1e75235267a3bad94956693af1a4
SHA256 e02b5f721d5d82647435fc3cdc1d02e5cf14bf67d36678d89455c108b2a961f7
SHA512 018f44540215c5b64bcaf4396eafb859512f9b3a836928e3d82ef920b0fcd6697acb14b2b35a16e7178214cbb4b985336947d28d30bc5243546edbb1af1f8602

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8873daaf9f06114f6ec4006c233dc4d2
SHA1 241efa3b8abb28131ddedff686751e8c05ba9946
SHA256 07a47cc882710f253d007645ad037a82dc0aad0eda614b3c5b306b2b22f12285
SHA512 78a82c145d6f9115b3c0a029625b3639fc57ecbcba09cd472f1008fb6c87eb9c0fa6c3671d9a45970e91ca97bc3d17aaf3a960657cd202de5a046a5e594072f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 301d6cb9ac7f31d0195fcdb1a6da2213
SHA1 6456478c40a64e19f77d33ecacfce08194008636
SHA256 4f7315eb9f1390c9c27572601a4b7a19b21adb7922eca1ea5ebf0563ef3b036f
SHA512 1eb2df3c578452c062a86be663a2936b2430eb37f3bdd4613377e158c139d94d0dc220564c89df7cec0bde97fdd9e7cbe10dfe10f298fd6256f004573a47cc74

C:\Users\Admin\System\PySilon.key

MD5 b08504dfc8443519e06f595dc6e3441c
SHA1 ec468b9e53e5f95db6842bb2525e46fba53c98a8
SHA256 2c33e4ded821bb04a5629fe48dbfcd33027a0215090d51110a3ae54eaa4d924d
SHA512 4bbaeabd01dc25ccd0fec6a23329d7a59b797b903004689ebeae801ddc6de50ba89cd1659babacd38cc6110ed5c2cae108ba9afd9b60c745be392f0f586e81c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a94c39b8ec7d290dccb77bc1a3bbf11c
SHA1 adf746a8c22d3f2f9de09a44ab4a652a286855ba
SHA256 7cf1cae5a697ac4ff8fae40e1cfdee1fedbae1be6f19b3d76914c008ad46f88c
SHA512 83763c9acc7b4982ae1b869653baa4d85610f846db0f5a3605da39de4b54874787c6182a80eccc2889b8b222bb586ac36efbd3dea48d3ba271b2609cc7f57060

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

MD5 2b2619016d63eadf428aaa48129d1e74
SHA1 f9046f569a343d48848fa71255812fde212a5116
SHA256 b3d67f848c17ae14428dd09d6bd38dd283bff54b7ce0be9562fd550577531d86
SHA512 e10e92c3a0ac6f25964b4bdaddfb2fdc9eb249565327d2eaa85452974d2a994811d3c075439d9663b43bf2a51c7db7af51aae546f35be70d77338704260cc4a1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O4PTG2YB\update10[1].xml

MD5 2d156736d6d630d65a4a2ad8e06fc600
SHA1 c40dd8e844ccc0b4cc7e04e43e3bc019157941f7
SHA256 f23b17c73fd141c30d85161fb2ba6a331a7feb4cc8260fbb0c521e0f9e402000
SHA512 7bc72eacc6144cc1e262e04392787d0f0f75ef4fd2428ef81583ba8de3bebbe4a8ff59d942f2ca6dba00b8fb268aa756c1e01567fea1dcfb695ee1e3141c3564

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6d75f4451673eccd8f5783b42d34641
SHA1 bbbd733b540e7f1a3ef82d548420403b2bbde162
SHA256 83554ec2a46ec30a3a065d94ab3c80de57d1fef08ca975a6ecf91b75b2ee0df2
SHA512 0b9f0fc75e564aaee4b2437e8117a00d95a2a77d219a83d581648206af931964a3139e545ca832b34b97680bb3c2bf639bf77d5ad61d1caa8df546ee1efb1451

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 cffadaf3f1c6af1b98383eaf0ebd14cd
SHA1 5f09547561626287f4e7a15d996fd356f65299f5
SHA256 503970f46e781d48e2983518a7f985401b6e43860b9244bb1811ba50823df0ed
SHA512 aec26c8b90af331cdd15c47746ff61453fae70b13161e679be4d2091819fa8d553d59a4c1c894dc43579919a0630c46638889aea781f7cb510ddb5f754b35fb8

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini

MD5 01d8e4c7358bbde178b647a09cdfa057
SHA1 9350bea2c24229ad8408de55fbf9d730e19cb9fc
SHA256 1453a76b2b44c1f836f0a2b606a0b531bf808e3559b3b2faba5a61c43088b2aa
SHA512 7686bcfde4af4679be2dc366c961419595b6666fad6dfd98512a3fa32418022cd90d91545f4412aa28b50a642fdd9c3035f9254e605ff5a43f345ecb3bd6b535

C:\Users\Admin\AppData\Local\Temp\tmp87C5.tmp

MD5 5346e26855d9dc1195ca8628e0b493ac
SHA1 11928218082c5961c4ef4ebfca86162c758d3079
SHA256 1dedf8e677531c9829e9702396577e4ecd285ff38ebb09594ebd8649f08af2be
SHA512 5612af8381deefa5fef21484b82d99d94f12805ce8b3e5a3e79e4ef58309d5d30c521d049d7a0ad238594cff6ff518d2c49b38509a48ee93eaed0ed48f856460

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 cc04d6015cd4395c9b980b280254156e
SHA1 87b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512 d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\OneDrive.exe

MD5 405c563037b5dabd5584bb04aa76806a
SHA1 26ae234e0e3995101e6491fbc770bfc7b7a0416b
SHA256 b2c0c62043f419aa2ed1ed5c479ae8be4028d94bdda2da39178b3de6ca692bf4
SHA512 dc805fe0f100b762d5f43995932db440e84d3b2626752af8ba39cfe348c480cf6192565a3238ac0a5b84861d0e03cd5f5fb969c050a580c76a2ad3fa2f08ae1a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 b83ac69831fd735d5f3811cc214c7c43
SHA1 5b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256 cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA512 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

MD5 e01cdbbd97eebc41c63a280f65db28e9
SHA1 1c2657880dd1ea10caf86bd08312cd832a967be1
SHA256 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512 ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

MD5 19876b66df75a2c358c37be528f76991
SHA1 181cab3db89f416f343bae9699bf868920240c8b
SHA256 a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA512 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

MD5 09773d7bb374aeec469367708fcfe442
SHA1 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA256 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512 f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

MD5 771bc7583fe704745a763cd3f46d75d2
SHA1 e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA256 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 72747c27b2f2a08700ece584c576af89
SHA1 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA256 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA512 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

MD5 de5ba8348a73164c66750f70f4b59663
SHA1 1d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256 a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA512 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

MD5 8347d6f79f819fcf91e0c9d3791d6861
SHA1 5591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256 e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA512 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.scale-125.png

MD5 d03b7edafe4cb7889418f28af439c9c1
SHA1 16822a2ab6a15dda520f28472f6eeddb27f81178
SHA256 a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665
SHA512 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

MD5 3c29933ab3beda6803c4b704fba48c53
SHA1 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c
SHA256 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633
SHA512 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

MD5 22e17842b11cd1cb17b24aa743a74e67
SHA1 f230cb9e5a6cb027e6561fabf11a909aa3ba0207
SHA256 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42
SHA512 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

MD5 552b0304f2e25a1283709ad56c4b1a85
SHA1 92a9d0d795852ec45beae1d08f8327d02de8994e
SHA256 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535
SHA512 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

MD5 2c7a9e323a69409f4b13b1c3244074c4
SHA1 3c77c1b013691fa3bdff5677c3a31b355d3e2205
SHA256 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2
SHA512 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

MD5 f4e9f958ed6436aef6d16ee6868fa657
SHA1 b14bc7aaca388f29570825010ebc17ca577b292f
SHA256 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b
SHA512 cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.scale-400.png

MD5 e593676ee86a6183082112df974a4706
SHA1 c4e91440312dea1f89777c2856cb11e45d95fe55
SHA256 deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb
SHA512 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.scale-200.png

MD5 13e6baac125114e87f50c21017b9e010
SHA1 561c84f767537d71c901a23a061213cf03b27a58
SHA256 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e
SHA512 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.scale-150.png

MD5 a23c55ae34e1b8d81aa34514ea792540
SHA1 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf
SHA256 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd
SHA512 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.scale-100.png

MD5 57a6876000151c4303f99e9a05ab4265
SHA1 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794
SHA256 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4
SHA512 c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

MD5 adbbeb01272c8d8b14977481108400d6
SHA1 1cc6868eec36764b249de193f0ce44787ba9dd45
SHA256 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512 c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

MD5 f1c75409c9a1b823e846cc746903e12c
SHA1 f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256 fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512 ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.scale-150.png

MD5 ed306d8b1c42995188866a80d6b761de
SHA1 eadc119bec9fad65019909e8229584cd6b7e0a2b
SHA256 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301
SHA512 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.scale-400.png

MD5 096d0e769212718b8de5237b3427aacc
SHA1 4b912a0f2192f44824057832d9bb08c1a2c76e72
SHA256 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef
SHA512 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\Resources.pri

MD5 7473be9c7899f2a2da99d09c596b2d6d
SHA1 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac
SHA256 e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3
SHA512 a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\OneDrive.VisualElementsManifest.xml

MD5 5ae2d05d894d1a55d9a1e4f593c68969
SHA1 a983584f58d68552e639601538af960a34fa1da7
SHA256 d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c
SHA512 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.scale-200.png

MD5 d9d00ecb4bb933cdbb0cd1b5d511dcf5
SHA1 4e41b1eda56c4ebe5534eb49e826289ebff99dd9
SHA256 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89
SHA512 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.scale-125.png

MD5 09f3f8485e79f57f0a34abd5a67898ca
SHA1 e68ae5685d5442c1b7acc567dc0b1939cad5f41a
SHA256 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3
SHA512 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\LogoImages\OneDriveSmallTile.scale-100.png

MD5 1f156044d43913efd88cad6aa6474d73
SHA1 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26
SHA256 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816
SHA512 df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\OneDriveStandaloneUpdater.exe

MD5 edf86dd22ffc3a0297cf3eff0c7dc1ab
SHA1 2dd9a9aeffd29fbcbe22a76049c8f3bf4718f214
SHA256 d949181e056270f58710f3baf1f398cbc786df2088a1b5b7600271900a1498e3
SHA512 30a3a63dd585cfce679739a3658da8c697d370c147735b3185c381cd64632f870a4d4c3f268812c27234b5a0d6e833f1ef61904b83d130f1662ca0760e1ef5d3

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe

MD5 9129d704b8cdcd7bd4a778ccad71eeac
SHA1 e20170e5e02a9d7525d2afba6c55580db38f9e5c
SHA256 7c999b9effe600451b2e78ae3f69215326c49708beeca3450dea2cb6414ddd44
SHA512 34cf78d71dc5581475b3e3349c4bec4a4402853f41ecd11614fa989a4f4552791c5ae0949db9a67b97ec6089d0020717a2b18215020062a1f4ca54a3b3a00978

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f7b9457f67121fa3b3c869966530356
SHA1 1c6eee3b5a412a80243343eeea53b32df1db7119
SHA256 69332553fadcf31a13111a2da66363e4d9e58b58b0d5d8e32dfc7f7fa249891d
SHA512 19af147aebfaf9826737f3448f809e50d01058f508ecbe4a7258c375955371f3d769a1b58cdf7fc4036bca7bb307f4bf8c4dda6a598b032d973c3efb6fe288bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 f17a5890135ff7bf35d50dcec7bb98dd
SHA1 c884223ae7cb81a6303e0feefc8011d48fd26e35
SHA256 ff99dfe0be0c8d58daf21fb1debd85de0a4a9dbecb6be6c20b1933b3282777fa
SHA512 d6ed03f80ea0de3dc8251a7ef4bf24afddc2b72077ff4c7cb7a8d0b45235141c920e411e317310700a1d97ba7a95573d9cff94ba47308cb8854b39da48aca6e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a2a8d6921dd280fb264cb65bf98cbbb
SHA1 bfcc0075b72996ad88873a16821dc54eb928757c
SHA256 8680f8bdfec801f78e823edf9b2496632ff2e5eb7d11b728118c25e7f91ba8bf
SHA512 7c47a6578b689737aa5014ed20f09c27f639f52fb5fe8d205caea43ae43516e384393bc04493ec286d0a645f2e5b35017eec2423dd9cb55cdec2bf192bb685c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 15061bc2a998aa8ad8446abbc11193ce
SHA1 0d1b353edba0359b667fa5eabb9a73ae34490a86
SHA256 799bb0fc3f76f5c168a62a0e0cf5c37c5accb17a4ea77428ba4c41d6ec1eb0dc
SHA512 ba72ae2087cfcb14e4a76620ef306b67e8ee0db8b2f1a03e891419851acb4b3e8a62087192c1d5c629a502382bbd519991819c3d67c5eed2466cfa57f096d0aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2b57096c2f792d771093721ee42f21b
SHA1 a17e51a35732f66f9ecf290033a2ab06d3209765
SHA256 319f8eb1de1e06e9ed72f5db223af5e829f6d7a0d8693839d42c5e7cc94e5bd1
SHA512 323f63b96f7b37251ff2c9e4bc943eb84ff13cc18d5dc8aaf1f43579e67f1692b735d8bb9a63983f1fea2efd6beecfdf72f542eb79496fa96f7167e330382a4d