Analysis Overview
Threat Level: Likely malicious
The file https://download.clipgrab.org/clipgrab-3.9.10-dotinstaller.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Modifies system executable filetype association
Executes dropped EXE
Reads user/profile data of web browsers
Checks installed software on the system
Checks for any installed AV software in registry
Checks system information in the registry
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SendNotifyMessage
Modifies system certificate store
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Script User-Agent
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
NTFS ADS
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2024-10-27 15:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-27 15:28
Reported: 2024-10-27 15:31
Platform: win10v2004-20241007-en
Max time kernel: 128s
Max time network: 138s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Program Files\McAfee\WebAdvisor\UIHost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp |
System Location Discovery: System Language Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies data under HKEY_USERS
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\BannerNotificationHandler.BannerNotificationHandler.1 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\WOW6432NODE\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LOCALSERVER32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID\ = "FileSyncOutOfProcServices.FileSyncOutOfProcServices.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\WOW6432NODE\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\PROGID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\WOW6432NODE\INTERFACE\{E9DE26A1-51B2-47B4-B1BF-C87059CC02A7}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\FileSyncClient.FileSyncClient | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1\ = "SyncEngineStorageProviderHandlerProxy Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ = "IFileSyncClient8" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ = "IOneDriveInfoProvider" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3" | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder\FolderValueFlags = "40" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\VersionIndependentProgID\ = "FileSyncClient.AutoPlayHandler" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\SYNCENGINECOMSERVER.SYNCENGINECOMSERVER\CLSID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\TypeLib\ = "{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\INTERFACE\{0776AE27-5AB9-4E18-9063-1836DA63117A}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\FileSyncClient.FileSyncClient\ = "FileSyncClient Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\INTERFACE\{C1439245-96B4-47FC-B391-679386C5D40F}\TYPELIB | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\ = "FileSyncEx" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1" | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ = "IGetAllSharedFoldersCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\AppID\{EEABD3A3-784D-4334-AAFC-BB13234F17CF} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "PSFactoryBuffer" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 499418.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ClipGrab\clipgrab.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download.clipgrab.org/clipgrab-3.9.10-dotinstaller.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1d5946f8,0x7ffc1d594708,0x7ffc1d594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe
"C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe"
C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp" /SL5="$A0030,1870827,1112064,C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe"
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe
"C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp" /SL5="$2027E,73456979,791040,C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe" /install /passive /silent /norestart
C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe
"C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe" -burn.filehandle.attached=724 -burn.filehandle.self=676 /install /passive /silent /norestart
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Program Files (x86)\ClipGrab\clipgrab.exe
"C:\Program Files (x86)\ClipGrab\clipgrab.exe"
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -v quiet
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -formats
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6000 -ip 6000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 1900
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe
"C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6000 -ip 6000
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files\McAfee\Temp1323362894\installer.exe
"C:\Program Files\McAfee\Temp1323362894\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 992
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\clipgrab.exe
"C:\Program Files (x86)\ClipGrab\clipgrab.exe"
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -v quiet
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -formats
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=9868791293719838087 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=9868791293719838087 --renderer-client-id=2 --mojo-platform-channel-handle=2352 /prefetch:1
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=1275843910289792722 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1275843910289792722 --renderer-client-id=3 --mojo-platform-channel-handle=2844 /prefetch:1
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=10687016123077154597 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=10687016123077154597 --renderer-client-id=4 --mojo-platform-channel-handle=2908 /prefetch:1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=1297045078064382976 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1297045078064382976 --renderer-client-id=2 --mojo-platform-channel-handle=2364 /prefetch:1
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=4695977709538547445 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4695977709538547445 --renderer-client-id=3 --mojo-platform-channel-handle=2984 /prefetch:1
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" --version
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=8531023490097758893 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8531023490097758893 --renderer-client-id=4 --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=292854872331461388 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=292854872331461388 --renderer-client-id=5 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J ytsearch16:\"creo\" --yes-playlist --flat-playlist
C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=12530503706022409873 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=12530503706022409873 --renderer-client-id=6 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J --no-playlist https://www.youtube.com/watch?v=IDaP8LeYsrk
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -bsfs
C:\Program Files (x86)\ClipGrab\python\python.exe
"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --newline --no-playlist --no-mtime -o C:/Users/Admin/AppData/Local/Temp/cg-youtube-dl-%(id)s-%(format_id)s.%(ext)s -f 270+140 https://www.youtube.com/watch?v=IDaP8LeYsrk
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -bsfs
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
C:\Program Files (x86)\ClipGrab\ffmpeg.exe
ffmpeg -y -loglevel repeat+info -i file:C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.f270.mp4 -i file:C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.f140.m4a -c copy -map 0:v:0 -map 1:a:0 -movflags +faststart file:C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.temp.mp4
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
/updateInstalled /background
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3808_MBYWTJUYEVTDKLRD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\Downloads\Unconfirmed 499418.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\zbShieldUtils.dll
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\loader.gif
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\WebAdvisor.png
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\AVG_AV.png
C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp
C:\Program Files (x86)\ClipGrab\clipgrab.exe
C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe
C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe
C:\Windows\Temp\{8E356B6B-3395-48F3-90E3-751B9BEE846B}\.ba\1055\license.rtf
C:\Windows\Temp\{8E356B6B-3395-48F3-90E3-751B9BEE846B}\.ba\wixstdba.dll
C:\Windows\Temp\{8E356B6B-3395-48F3-90E3-751B9BEE846B}\.ba\logo.png
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0.zip
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe
C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll
C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll
C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll
C:\Program Files (x86)\ClipGrab\Qt5Qml.dll
C:\Program Files (x86)\ClipGrab\Qt5Gui.dll
C:\Program Files (x86)\ClipGrab\libGLESV2.dll
C:\Program Files (x86)\ClipGrab\libEGL.dll
C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll
C:\Program Files (x86)\ClipGrab\Qt5WebChannel.dll
C:\Program Files (x86)\ClipGrab\Qt5Network.dll
C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll
C:\Program Files (x86)\ClipGrab\Qt5Core.dll
C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll
C:\Program Files (x86)\ClipGrab\Qt5Quick.dll
C:\Program Files (x86)\ClipGrab\Qt5Xml.dll
C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt
C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPUS7TYC\update100[1].xml
C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.f270.mp4.part
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini
C:\Users\Admin\AppData\Local\Temp\tmp82B3.tmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe