Malware Analysis Report

2025-01-22 08:39

Sample ID 241027-s1z8haxjbw
Target https://download.clipgrab.org/clipgrab-3.9.10-portable.exe
Tags
discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://download.clipgrab.org/clipgrab-3.9.10-portable.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery spyware stealer

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 15:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 15:36

Reported

2024-10-27 15:38

Platform

win10v2004-20241007-en

Max time kernel

138s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download.clipgrab.org/clipgrab-3.9.10-portable.exe

Signatures

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\clipgrab-3.9.10-portable.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TPG7U.tmp\vc_redist.x86.exe | N/A
N/A | N/A | C:\Windows\Temp\{19FD1EC9-1224-4BF6-9418-BF33CD7E7916}\.cr\vc_redist.x86.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\Temp\{19FD1EC9-1224-4BF6-9418-BF33CD7E7916}\.cr\vc_redist.x86.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
N/A | N/A | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\ClipGrab\imageformats\qwebp.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\python\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-CUMSP.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-IK3DJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-3O3QJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-NQ7RN.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-15ER4.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\styles\is-T1RJD.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-0TG6P.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-4LEO5.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\python\libffi-7.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\platforms\is-804RV.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\resources\is-JL54T.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\resources\is-S4OSO.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-BS381.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\imageformats\is-5JSEV.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\python\libssl-1_1.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-34MAT.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-EKEBA.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-QCAAG.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-6KKTV.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\libssl-1_1.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-8MC5R.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-RK2FC.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-4MDI3.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\imageformats\is-K3PHT.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-QQ3B6.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-7O5R4.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\translations\qtwebengine_locales\is-2N1S1.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-9IHI9.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\imageformats\qjpeg.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\Qt5Network.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-I4VJA.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-Q8MIS.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-3KJ2V.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\imageformats\is-D65VD.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-8F2OB.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\Qt5Qml.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\Qt5WebEngineCore.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\styles\qwindowsvistastyle.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-67QEF.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\iconengines\is-8J4RA.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\imageformats\is-HMDSU.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-IE5IG.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\python\python3.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\imageformats\qgif.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\python\libcrypto-1_1.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\imageformats\is-N8MKR.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-RLCKT.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\libcrypto-1_1.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\Qt5Svg.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\bearer\is-7JNCF.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-INC52.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\position\qtposition_serialnmea.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\iconengines\qsvgicon.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\is-S3B3M.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File created | C:\Program Files (x86)\ClipGrab\python\is-ANNS3.tmp | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\clipgrab.exe | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
File opened for modification | C:\Program Files (x86)\ClipGrab\libGLESV2.dll | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-TPG7U.tmp\vc_redist.x86.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\clipgrab-3.9.10-portable.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\ClipGrab.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{19FD1EC9-1224-4BF6-9418-BF33CD7E7916}\.cr\vc_redist.x86.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\ffmpeg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\python\python.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies system certificate store

evasion spyware trojan

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 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 C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21
542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = [certificate blob omitted] C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = [certificate blob omitted] C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = [certificate blob omitted] C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = [certificate blob omitted] C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 165493.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ClipGrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5032 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download.clipgrab.org/clipgrab-3.9.10-portable.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5c046f8,0x7fffa5c04708,0x7fffa5c04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8

C:\Users\Admin\Downloads\clipgrab-3.9.10-portable.exe

"C:\Users\Admin\Downloads\clipgrab-3.9.10-portable.exe"

C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp

"C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp" /SL5="$1A004C,73456979,791040,C:\Users\Admin\Downloads\clipgrab-3.9.10-portable.exe"

C:\Users\Admin\AppData\Local\Temp\is-TPG7U.tmp\vc_redist.x86.exe

"C:\Users\Admin\AppData\Local\Temp\is-TPG7U.tmp\vc_redist.x86.exe" /install /passive /silent /norestart

C:\Windows\Temp\{19FD1EC9-1224-4BF6-9418-BF33CD7E7916}\.cr\vc_redist.x86.exe

"C:\Windows\Temp\{19FD1EC9-1224-4BF6-9418-BF33CD7E7916}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-TPG7U.tmp\vc_redist.x86.exe" -burn.filehandle.attached=560 -burn.filehandle.self=720 /install /passive /silent /norestart

C:\Program Files (x86)\ClipGrab\ClipGrab.exe

"C:\Program Files (x86)\ClipGrab\ClipGrab.exe"

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -v quiet

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -formats

C:\Program Files (x86)\ClipGrab\clipgrab.exe

"C:\Program Files (x86)\ClipGrab\clipgrab.exe"

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -v quiet

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -formats

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=4931754503517881764 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4931754503517881764 --renderer-client-id=2 --mojo-platform-channel-handle=2356 /prefetch:1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=14931203525169050237 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=14931203525169050237 --renderer-client-id=2 --mojo-platform-channel-handle=2440 /prefetch:1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=4973212161528295794 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4973212161528295794 --renderer-client-id=3 --mojo-platform-channel-handle=2768 /prefetch:1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=8444338484857385097 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8444338484857385097 --renderer-client-id=4 --mojo-platform-channel-handle=2792 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=17924266753938772656 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17924266753938772656 --renderer-client-id=3 --mojo-platform-channel-handle=2936 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=14954483942195490584 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=14954483942195490584 --renderer-client-id=4 --mojo-platform-channel-handle=3004 /prefetch:1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=5394576781124635466 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=5394576781124635466 --renderer-client-id=5 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J ytsearch16:\"amogus\" --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=15151508040423531144 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15151508040423531144 --renderer-client-id=6 --mojo-platform-channel-handle=3712 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4412191189656557368,5486309955465917894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J --no-playlist https://www.youtube.com/watch?v=xSeXZRJOX54

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -bsfs

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_5032_KHRDRNOHZLACXPYX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/5880-100-0x0000000000400000-0x00000000004CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-IMLDK.tmp\clipgrab-3.9.10-portable.tmp

memory/5880-116-0x0000000000400000-0x00000000004CE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/5984-126-0x0000000000400000-0x0000000000685000-memory.dmp

memory/5984-128-0x0000000000400000-0x0000000000685000-memory.dmp

C:\Program Files (x86)\ClipGrab\clipgrab.exe

C:\Users\Admin\AppData\Local\Temp\is-TPG7U.tmp\vc_redist.x86.exe

C:\Windows\Temp\{19FD1EC9-1224-4BF6-9418-BF33CD7E7916}\.cr\vc_redist.x86.exe

C:\Windows\Temp\{C105AD9B-4E48-416F-8D43-D14E1CA1CB43}\.ba\1055\license.rtf

C:\Windows\Temp\{C105AD9B-4E48-416F-8D43-D14E1CA1CB43}\.ba\wixstdba.dll

C:\Windows\Temp\{C105AD9B-4E48-416F-8D43-D14E1CA1CB43}\.ba\logo.png

C:\Program Files (x86)\ClipGrab\Qt5Network.dll

C:\Program Files (x86)\ClipGrab\Qt5Gui.dll

C:\Program Files (x86)\ClipGrab\Qt5Core.dll

C:\Program Files (x86)\ClipGrab\Qt5Xml.dll

C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll

C:\Program Files (x86)\ClipGrab\Qt5Qml.dll

C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll

C:\Program Files (x86)\ClipGrab\Qt5WebChannel.dll

C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll

C:\Program Files (x86)\ClipGrab\Qt5Quick.dll

C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll

C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll

memory/5984-422-0x0000000000400000-0x0000000000685000-memory.dmp

C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll

memory/5984-425-0x0000000000400000-0x0000000000685000-memory.dmp

memory/5880-426-0x0000000000400000-0x00000000004CE000-memory.dmp

C:\Program Files (x86)\ClipGrab\libGLESv2.dll

C:\Program Files (x86)\ClipGrab\libEGL.dll

C:\Program Files (x86)\ClipGrab\styles\qwindowsvistastyle.dll

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

memory/3228-438-0x0000000000F60000-0x0000000004BBC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/5028-458-0x0000000000F60000-0x0000000004BBC000-memory.dmp

memory/5572-467-0x0000000000F60000-0x0000000004BBC000-memory.dmp

memory/5688-469-0x0000000000F60000-0x0000000004BBC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/1572-544-0x0000000000F60000-0x0000000004BBC000-memory.dmp