Malware Analysis Report

2025-01-22 08:47

Sample ID 241027-swr2bswphr
Target https://download.clipgrab.org/clipgrab-3.9.10-dotinstaller.exe
Tags
discovery persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://download.clipgrab.org/clipgrab-3.9.10-dotinstaller.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence privilege_escalation spyware stealer

Downloads MZ/PE file

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Modifies system executable filetype association

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Checks for any installed AV software in registry

Checks system information in the registry

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SendNotifyMessage

Modifies system certificate store

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Script User-Agent

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 15:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 15:28

Reported

2024-10-27 15:31

Platform

win10v2004-20241007-en

Max time kernel

128s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download.clipgrab.org/clipgrab-3.9.10-dotinstaller.exe

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\python\python.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sr-Latn-CS.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sr-Latn-CS.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files (x86)\ClipGrab\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files (x86)\ClipGrab\resources\is-PUG5I.tmp C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.css C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ru-RU.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchsuggestcounter.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File opened for modification C:\Program Files (x86)\ClipGrab\imageformats\qico.dll C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\minimize.png C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.css C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\taskmanager.dll C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nl-NL.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\remapattributes.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File opened for modification C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files\McAfee\Temp1323362894\jslang\wa-res-shared-pt-PT.js C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-ES.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ru-RU.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\transport_ga.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\open_sideloaded_ext_alert_guide.png C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-PT.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-cs-CZ.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nb-NO.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-CN.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wsssetting.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-FR.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticshandleonnavigate.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\Temp1323362894\jslang\wa-res-install-pl-PL.js C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sv-SE.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-it-IT.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswpssetting.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\Temp1323362894\logicscripts.cab C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\Temp1323362894\jslang\eula-fi-FI.txt C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.html C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.html C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File opened for modification C:\Program Files (x86)\ClipGrab\Qt5WebEngineCore.dll C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files (x86)\ClipGrab\python\is-LMU3I.tmp C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-TW.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainmembership.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files (x86)\ClipGrab\is-TCKOE.tmp C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-it-IT.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_eng_observability.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendonping.luc C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\common.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-step1.png C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ru-RU.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-en-US.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-TW.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-CA.js C:\Program Files\McAfee\Temp1323362894\installer.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\ffmpeg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\python\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\BannerNotificationHandler.BannerNotificationHandler.1 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\WOW6432NODE\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LOCALSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID\ = "FileSyncOutOfProcServices.FileSyncOutOfProcServices.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\WOW6432NODE\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\PROGID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\WOW6432NODE\INTERFACE\{E9DE26A1-51B2-47B4-B1BF-C87059CC02A7}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\FileSyncClient.FileSyncClient C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy.1\ = "SyncEngineStorageProviderHandlerProxy Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ = "IFileSyncClient8" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ = "IOneDriveInfoProvider" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3" C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder\FolderValueFlags = "40" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\VersionIndependentProgID\ = "FileSyncClient.AutoPlayHandler" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\SYNCENGINECOMSERVER.SYNCENGINECOMSERVER\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\TypeLib\ = "{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ = "ISyncEngineBandwidthLimiter" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\INTERFACE\{0776AE27-5AB9-4E18-9063-1836DA63117A}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\FileSyncClient.FileSyncClient\ = "FileSyncClient Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_CLASSES\INTERFACE\{C1439245-96B4-47FC-B391-679386C5D40F}\TYPELIB C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\ = "FileSyncEx" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\TypeLib\ = "{638805C3-4BA3-4AC8-8AAC-71A0BA2BC284}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1" C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ = "IGetAllSharedFoldersCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\AppID\{EEABD3A3-784D-4334-AAFC-BB13234F17CF} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "PSFactoryBuffer" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 5c00000001000000040000000008000019000000010000001000000060e2dc65295f1062e558f3fef235ed3c030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e1d000000010000001000000054e2cd85ba79cda018fed9e6a863aa461400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b276200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f553000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000132020004700320000000f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b05040000000100000010000000d63981c6527e9669fcfcca66ed05f2962000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 040000000100000010000000d63981c6527e9669fcfcca66ed05f2960f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b050b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200013202000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c06200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f51400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b271d000000010000001000000054e2cd85ba79cda018fed9e6a863aa46030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e19000000010000001000000060e2dc65295f1062e558f3fef235ed3c2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 499418.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files (x86)\ClipGrab\clipgrab.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3808 wrote to memory of 924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3808 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download.clipgrab.org/clipgrab-3.9.10-dotinstaller.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1d5946f8,0x7ffc1d594708,0x7ffc1d594718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8

C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe

"C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe"

C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp

"C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp" /SL5="$A0030,1870827,1112064,C:\Users\Admin\Downloads\clipgrab-3.9.10-dotinstaller.exe"

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe

"C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp

"C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp" /SL5="$2027E,73456979,791040,C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\clipgrab-3.9.10-portable.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe

"C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe" /install /passive /silent /norestart

C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe

"C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe" -burn.filehandle.attached=724 -burn.filehandle.self=676 /install /passive /silent /norestart

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Program Files (x86)\ClipGrab\clipgrab.exe

"C:\Program Files (x86)\ClipGrab\clipgrab.exe"

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -v quiet

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -formats

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6000 -ip 6000

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 1900

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6000 -ip 6000

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files\McAfee\Temp1323362894\installer.exe

"C:\Program Files\McAfee\Temp1323362894\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 992

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\clipgrab.exe

"C:\Program Files (x86)\ClipGrab\clipgrab.exe"

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -v quiet

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -formats

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=9868791293719838087 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=9868791293719838087 --renderer-client-id=2 --mojo-platform-channel-handle=2352 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=1275843910289792722 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1275843910289792722 --renderer-client-id=3 --mojo-platform-channel-handle=2844 /prefetch:1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=10687016123077154597 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=10687016123077154597 --renderer-client-id=4 --mojo-platform-channel-handle=2908 /prefetch:1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=1297045078064382976 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1297045078064382976 --renderer-client-id=2 --mojo-platform-channel-handle=2364 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=4695977709538547445 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4695977709538547445 --renderer-client-id=3 --mojo-platform-channel-handle=2984 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" --version

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=8531023490097758893 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8531023490097758893 --renderer-client-id=4 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=292854872331461388 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=292854872331461388 --renderer-client-id=5 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J ytsearch16:\"creo\" --yes-playlist --flat-playlist

C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe

"C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=12530503706022409873 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=12530503706022409873 --renderer-client-id=6 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J --no-playlist https://www.youtube.com/watch?v=IDaP8LeYsrk

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -bsfs

C:\Program Files (x86)\ClipGrab\python\python.exe

"C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --newline --no-playlist --no-mtime -o C:/Users/Admin/AppData/Local/Temp/cg-youtube-dl-%(id)s-%(format_id)s.%(ext)s -f 270+140 https://www.youtube.com/watch?v=IDaP8LeYsrk

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -bsfs

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Program Files (x86)\ClipGrab\ffmpeg.exe

ffmpeg -y -loglevel repeat+info -i file:C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.f270.mp4 -i file:C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.f140.m4a -c copy -map 0:v:0 -map 1:a:0 -movflags +faststart file:C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.temp.mp4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8827313983496077344,17086923293025947148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 download.clipgrab.org udp
DE 92.205.197.54:443 download.clipgrab.org tcp
US 8.8.8.8:53 54.197.205.92.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 d1g2dvgwts5bro.cloudfront.net udp
BE 18.239.190.175:443 d1g2dvgwts5bro.cloudfront.net tcp
US 8.8.8.8:53 175.190.239.18.in-addr.arpa udp
BE 18.239.190.175:443 d1g2dvgwts5bro.cloudfront.net tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 52.39.34.155:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 155.34.39.52.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 2.18.190.76:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 76.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
GB 2.18.190.76:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 home.mcafee.com udp
GB 23.214.142.196:443 home.mcafee.com tcp
US 8.8.8.8:53 clipgrab.org udp
DE 92.205.197.54:443 clipgrab.org tcp
US 52.39.34.155:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 196.142.214.23.in-addr.arpa udp
US 8.8.8.8:53 clipgrab.org udp
DE 92.205.197.54:443 clipgrab.org tcp
US 8.8.8.8:53 tracking.vanbittern.com udp
DE 195.201.99.9:443 tracking.vanbittern.com tcp
US 8.8.8.8:53 9.99.201.195.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
DE 92.205.197.54:443 clipgrab.org tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
GB 2.18.190.79:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 manifest.googlevideo.com udp
GB 142.250.179.238:443 manifest.googlevideo.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 142.250.179.238:443 manifest.googlevideo.com tcp
GB 142.250.179.238:443 manifest.googlevideo.com tcp
US 8.8.8.8:53 rr2---sn-aigzrn7z.googlevideo.com udp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
US 8.8.8.8:53 103.135.194.173.in-addr.arpa udp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
US 8.8.8.8:53 92.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 99.57.26.184.in-addr.arpa udp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.103:443 rr2---sn-aigzrn7z.googlevideo.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_3808_MBYWTJUYEVTDKLRD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc5414ddb0bf0d6abc1c51f07bd68606
SHA1 9cecae9f9de61cf30b1baf3f267f69c555dfe483
SHA256 e5d6e8b7ac148d815d0c6b4a8dba32bd5c29cb8bdb47b9b48ad521b90204c51d
SHA512 a5b0aa7b7263431cbd8f4e9a982ab648d7ff08aacafdf3740c1145cd2272ff33d7505ceaa767c5116b91075b26e492cb8ecbd7a258f403fbb02a27f36b680b85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\Downloads\Unconfirmed 499418.crdownload

MD5 d5351a9afa0356b886f609ff7f53603d
SHA1 7368de3db110e4398be3edd3afdd6bc48f7bb9fd
SHA256 e92c5cf7509dd9792fac8202fb08295dfc9e5f18663db81bf07990de1bc85893
SHA512 8c36c8ba6569eab077c25d2f7ec4da93eb660d7223fbc534b09aae663c858d4c4aa79d0b7cacec9da63f74daf3395e860eb22b2ae21df127a6c78b779bfd155f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d965041a086b0e600c9430e01b6d4cdc
SHA1 850adb002490af735d2a6eef0101c90499b0a8e2
SHA256 1cb74b5adcf5969ee944db5ce5f7dd91f1470fbb0a74d753280a4de46684f732
SHA512 2bd1112f69175779d2d573c593c438ba2ff564a8ee0270571636fe70499ac496ca3ed80858696c2127b7fff9c91cb4046361620f67cbe820e8b9da337a0aeae4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4370731b3df36fa6e21c16fed1fe2210
SHA1 125b9e58de966a3a735bdf7862d82ac421cc3e81
SHA256 a54681a2ad00cf029f071e1577286345c29f1b6f7623307859a41c167996789d
SHA512 7c9f3a49ab9ce13ee7c2a1484986a38d500d51782f8aabf1163ad3cfbe78194006678b1842b44b53f17fd59f77ccbd7b73e816a1edbf1466b05206da4d90b1d0

memory/5888-98-0x0000000000400000-0x000000000051D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TGSJQ.tmp\clipgrab-3.9.10-dotinstaller.tmp

MD5 dfb84f0b32159220a4a1465628b5a751
SHA1 efe579c8abc58197846cc1cf236d0d47c63adcd8
SHA256 527b0d6950701702b71588d925210bfa0abd545d64f4522771a0f6c57d90dbfe
SHA512 e2eafd9c381ee644e01e5c2ae25a7e36d20843ccf87e6b5015aba7756e43dd4986cc394e741b1bfdc3e6ea6ff80ef947ef53fd7299dfbe61649db38f0d2d4e16

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\zbShieldUtils.dll

MD5 b83f5833e96c2eb13f14dcca805d51a1
SHA1 9976b0a6ef3dabeab064b188d77d870dcdaf086d
SHA256 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401
SHA512 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

memory/6000-127-0x0000000004C80000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\loader.gif

MD5 f23a523b82ad9103a9ac1dcc33eca72f
SHA1 5363bb6b51923441ef56638576307cc252f05a71
SHA256 59853c413b0813ded6f1e557959768d6662f010f49884d36b62c13038fac739c
SHA512 514ec63f7ed80d0708f7e2355fad8a558b4dcf2d0122ff98fe7c3ca1f40e7cd04e8869ca7a3b95622c0848c0d99306d7e791b86ca69b9e240beae959ca6285be

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\WebAdvisor.png

MD5 4cfff8dc30d353cd3d215fd3a5dbac24
SHA1 0f4f73f0dddc75f3506e026ef53c45c6fafbc87e
SHA256 0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856
SHA512 9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

memory/6000-132-0x0000000004C80000-0x0000000004DC0000-memory.dmp

memory/5888-133-0x0000000000400000-0x000000000051D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b40ddce2da470f1f321b6935337a1efb
SHA1 dd499013229ad0df8fd49ca622b35378600241af
SHA256 1d454015df3f05bcef7ac34c2c8e269dd973b2efc4be2a0056d09c9aa5e32b32
SHA512 aa06b052e0a90832d1d32ca1bbaaa538fe4e4419d0f8ac6d4173b739c0566118b448a9b4e52e315c139bfbc6e191dda58945b969ef7d089530f79d70323c815c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d5b33e16a8145a6e00b849f31eaee6b8
SHA1 1f3060e3ba0450b09cfc6624cf5bf80367604bf7
SHA256 06377d4607057f1011545165877b6496f96f46b296071ac2abe9862c4d60bbb9
SHA512 300f84e4bedbebfbe4948ead9bd10f7aab45936f655028e866f286c5c3f793a255a93a01e514bbd9b1c101704873241775ea1314a32364e0169270d2dead0d78

memory/6000-152-0x0000000000400000-0x0000000000758000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\AVG_AV.png

MD5 aee8e80b35dcb3cf2a5733ba99231560
SHA1 7bcf9feb3094b7d79d080597b56a18da5144ca7b
SHA256 35bbd8f390865173d65ba2f38320a04755541a0783e9f825fdb9862f80d97aa9
SHA512 dcd84221571bf809107f7aeaf94bab2f494ea0431b9dadb97feed63074322d1cf0446dbd52429a70186d3ecd631fb409102afcf7e11713e9c1041caacdb8b976

memory/6000-156-0x0000000004C80000-0x0000000004DC0000-memory.dmp

memory/5516-166-0x0000000000400000-0x00000000004CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-I3T4M.tmp\clipgrab-3.9.10-portable.tmp

MD5 8dcfbb299a19324bf353d70d7076bcbe
SHA1 aa8dd54f42f053ebe93785ba61f6a387f8afc56b
SHA256 1d71e2022fa2abae4c1e63dc7df8d65d0c1193516bca28c5eaf3817284182e30
SHA512 29bf4c7d28caa4dea9c5eea903484c951f7dbd3853afc9276553d389f65f5a470a71e4d800564d1008442b768da6fe614bf5cfd8a36546e77eb6181b782015d3

memory/6000-172-0x0000000000400000-0x0000000000758000-memory.dmp

C:\Program Files (x86)\ClipGrab\clipgrab.exe

MD5 2fb391076899d2e446037f04139188da
SHA1 6df3ba9fd3356e82ad89e1fc05469c4190ac8d94
SHA256 47c6eecee0aca421478ef6ba8d245e0cf37997061540644c0d0720da36e20f38
SHA512 ab2edcf28a74370eb1eb1d01035622bb4e500b58bc4fdd556802099707b049ff8ce50003d362054a31363093b244a2dcf01c5746dd781105104416a77469b565

C:\Users\Admin\AppData\Local\Temp\is-6DEJ6.tmp\vc_redist.x86.exe

MD5 310f8aadd8055f8b8eba1a6528be7d10
SHA1 3ee9622151e4b50837fcdfac1b085430f0181f4e
SHA256 54ad46ae80984aa48cae6361213692c96b3639e322730d28c7fb93b183c761da
SHA512 2872a30939f7ee20b494806574cf5b8b5a0976f8fe69bdbd77dde2483ce2a9e5458ff3636147e49a449e941a44ca2d79239e3da62fddb69fc5bced8ee1004ee5

C:\Windows\Temp\{F9B69CBD-FD6F-40FF-A630-43E9756E4C3B}\.cr\vc_redist.x86.exe

MD5 9df0848b2753e9255f1a6b4cdc9a5a3e
SHA1 051469cd9e786b720ef6b70c35a1e184a643f520
SHA256 59089badd61acb47a07748c9018d3a959cf58f07de9902b0c45dffae3e566090
SHA512 518a78e77515b2fb21c5f66a760473a1f8ab5050e9bc65a4715ab178e568079f11f65fc173db59dd021b69fe0b606c42e50bf5f09a34ba2009a7b71e88033452

C:\Windows\Temp\{8E356B6B-3395-48F3-90E3-751B9BEE846B}\.ba\1055\license.rtf

MD5 f1a281f74d3e91d16dd26d1f313cd8a9
SHA1 ddb2ca9032c5a9c091eac53b679f6ba428077b00
SHA256 f79108a254f876e0f6bbcb05a9effbe25dc252e7ea256bfe3fd28ceb79737f25
SHA512 484c5ca26275427e1fb74d3217a22a0e4aac409aba973e78d7ad68834e7ad1d86c7855d34b227925200f941d288dfc09477b2d7dfe0856810c6c847297b8d625

C:\Windows\Temp\{8E356B6B-3395-48F3-90E3-751B9BEE846B}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{8E356B6B-3395-48F3-90E3-751B9BEE846B}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

memory/5576-422-0x0000000000400000-0x0000000000685000-memory.dmp

memory/5516-423-0x0000000000400000-0x00000000004CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0.zip

MD5 f68008b70822bd28c82d13a289deb418
SHA1 06abbe109ba6dfd4153d76cd65bfffae129c41d8
SHA256 cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589
SHA512 fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

memory/6000-459-0x0000000004C80000-0x0000000004DC0000-memory.dmp

memory/6000-460-0x0000000000400000-0x0000000000758000-memory.dmp

C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll

MD5 9c30ad3a2ba28362ac506f50221e881d
SHA1 02497e8d0544d91318a2b6619b7c154cebee1073
SHA256 ce773742d6d80df75e9e462bd38bf237508541b3243dad57c48b4eb24f4ff3f1
SHA512 50bb8ac0f02bebe6aaa09554bfe8dd575681810239edeeb696b8170a8f4c3457a4ff3bf2e7ad9ed1b6a6c54f81201988c8e347f1fbff4e2ea2d348a72ca9aa70

C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll

MD5 42ce360f532e7e835ee94ee1226e1c19
SHA1 6c596c32575f081c86524742fcb11aa5e44ad213
SHA256 6b12b555d3bc465e106a26603b4bead895134ecd90b3201773415eab64cc69ac
SHA512 8f2772be5a6e375f06439f58c4b26277f93b8b777c950640c4699de6e0b0a99f7f33ebc6eac4b3a87a1e1b644c573b7ae5de9289d399fa41d732867c1bf95508

C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll

MD5 92aa5c44793603758874f87ecc5c88ce
SHA1 f368193467f61e0edb4864422085e70770c88d76
SHA256 798cc99af70288093bfd09a5addfd55a80f9652e7dc79f0b51f7760c47de2c9e
SHA512 459b97983c236ad76438615dad7174aa64561c9a0d9fcda7f290411237d97411f503d2dbb2d90f0c61fc229a872971a96ab61bf7b9bfb8b1ea840f4621d10910

C:\Program Files (x86)\ClipGrab\Qt5Qml.dll

MD5 b92764b31b080972ad0682a0ba794db1
SHA1 a4b3b253da4078a0b9d536873a6e79a4ba070ad2
SHA256 4706a5ef8f1092da9d60af8722546ce8f23c98db7450c3f72521d4651aeb2a52
SHA512 077c7c285c038cec271fe21a2b77eaadf3ec7d6a288d24234d6e351bead294b7bb903ea2759cb852d8e3d0354fbac926292639375d82d4dbeb85e4c515ef4369

C:\Program Files (x86)\ClipGrab\Qt5Gui.dll

MD5 c8bb97d7265ae7327eab7432c6496cf3
SHA1 c8ecab5cc7872a08ebb81edd00e95db85d56d6b5
SHA256 bd149755a4b0b7d721f9a355717855f488b16d8cbe177d0d88d9990359f5d4d5
SHA512 ec8c71336ff97e54252b3f8558a0471f8a14821ae91f90a32f1e9284eddfba6106d85eff25d5cf19d5273acaedb9ec23daf84e273ec0d6939e3c694e5da47085

C:\Program Files (x86)\ClipGrab\libGLESV2.dll

MD5 02c59344a65e9893d7d2d0d79b570429
SHA1 d07d73aab1beaeeef57c03330add64afa5f20160
SHA256 adba2649650fa580fb301b69a74aa4ad0b8796a6b35179ff0a938be510db1b7d
SHA512 222ffdb94f4df18d25e5d77cb76ff95c0704dbd696796880bdc7c23c930546435ac5060233f3be9a5b2c058a721c15ffc542b9ba84aafe28dfc77498037f21df

C:\Program Files (x86)\ClipGrab\libEGL.dll

MD5 55813372944c5acaca0e38c22902a6e6
SHA1 8c3fbdcacecc971aac8823a52eb83082669220a3
SHA256 fc219ad27720cfb1b223d748c1b5bdd78886235f4254bfe8e0adaf168c7e9849
SHA512 73f504a1f7cda4082f370387304db701672d95409886362dd70f8599fc17a5b577d2b37dd8f012cecb6d6dffe4321906c2a07cdd7e12e2d31bb9df0fb2e97a7f

C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll

MD5 b190c721612ac9d169f8b3a8f8b48a29
SHA1 206442dd161e878f1a6f83f3ebdb9208b56abfff
SHA256 ccb562f817d7015c78da4098bc576e7eaf3df1ebd55afb58d75f12dace9c761f
SHA512 951bc91302fcb1a28b7093f6867b379a90188733cec329efedb465ae27ae1a526a2d5f997816b26ed123d2401a9aa2854d26a003a65318f50e3a695d7948f6b7

C:\Program Files (x86)\ClipGrab\Qt5WebChannel.dll

MD5 2a65f4f49a88417222bcf109b59247ef
SHA1 a165ff1b21ff45c11783b63f2f4e9f270f84f05e
SHA256 632a5d720f3f6371721f94e4665ac13988afde722d155aaa5364a27cbd46d3ac
SHA512 c260fdb3454994e15582feec31b63e8418c9b1d705ee06ac09aa4ac77782ac79f722c9c883714e462ef919834ddd569ea7fff2b7d616a2b210966013c8ad9add

C:\Program Files (x86)\ClipGrab\Qt5Network.dll

MD5 08b5fcf0369a4923befb05a3e7b91998
SHA1 4d44449f027120d59bd0c9725dcfe02102acc82e
SHA256 de3ef3d9ac16b03a6da9cc076bba081142ccd4a306777b6d1bbaa60980e20723
SHA512 629a3c3b3fd6c36a0a9ec93bbd325bd78e5044279720a32eb79041b08989f575c99992f352d710c167b79c19498fa002ae85afbb080302fb001ed0b44465eb06

memory/1668-499-0x00000000008B0000-0x000000000450C000-memory.dmp

C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll

MD5 db7034b133d238447a6f3704b65bbceb
SHA1 c834d45162f38f461a8eafe737301eb22056e913
SHA256 53d9f928141382a5ef60039562b200e03d18e8720f16fb0ee8072b45e94202a7
SHA512 837b7e675b752c372973ecb4a53de568fc087e5f3896916614d504405a0a1ae78d1be59f173c2a0b28b4b139924736208de2eb6ee767c78894b7834fae9bf9f1

C:\Program Files (x86)\ClipGrab\Qt5Core.dll

MD5 357cf7f517757f0689030f196dd7edc0
SHA1 248ae43e160e80c81718a9f26544be4e535cf20a
SHA256 fd3dd9dcc286e6d36cb7b3fc90c8f7f683d2e9eb449e0433af70118e726d3fe1
SHA512 f938d4e81c46bb2d4cea587a9040e6a9eac44942654e07f6b17b3e4d27d31d03b3b5226004a2e981e6c9eaf0c2faf42957607f278c9978f6033c901c93217b7f

C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll

MD5 c9d5c7d715bbf74c31aab14893698778
SHA1 ee62edb71acb9eda4cb5f213a0b94940b972d7b3
SHA256 12717098b4d3f5f09ec19d091d1beb26d6df35e586bee511b9138be42d644e4a
SHA512 ee67880a737d1ec7c14cf84f20994bd34d8c8e39fc1763b634c311bc200ab6153f2f6760b217517a6190ccdf8076f4f9055062a011b3115c653c0ae4c5837330

C:\Program Files (x86)\ClipGrab\Qt5Quick.dll

MD5 7a517d5ee706c979876b97c789be8968
SHA1 7efc77f592389f94aa6980ecd3da7d39c960765f
SHA256 beb08a06b24ae1668441d47fbd434daa40ef6c4c45963351a0a6acdcd550bc31
SHA512 2656d980b31c5f6c34fae8b9ea719c06481195af6ff8b93a6297cae74783a2eaf6b808d539add7a1490e159ee19d2889308adb48491d719097d5459a7f798287

C:\Program Files (x86)\ClipGrab\Qt5Xml.dll

MD5 fd0f95e872b99b61f0b7276e0ff76c28
SHA1 a90b20be2f436362782ac18182637f8dca1e9719
SHA256 9150d32aa158f9c555cc3b845fc8f776684f11ec014b47a96d498faad67e7a31
SHA512 25a4e5d74315f64171c16929da0fa049db9dd835cb912e2909bf442fc6383a424cdd52aec58c6eb6d335697651deff16f688ecac8c11310a1fe7383996bdcd94

memory/4748-506-0x00000000008B0000-0x000000000450C000-memory.dmp

memory/6000-523-0x0000000000400000-0x0000000000758000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8T3D4.tmp\prod0_extract\installer.exe

MD5 f67236c6db8c7def8172b9cd9e3c9922
SHA1 e972b87c313496ea40d8719dfed4089d4334299f
SHA256 427ee14cd3271c7f06bb614e9f7e017c2d7406616be15bd0848ad7e45990fa9d
SHA512 29e3a906049640796a426dfab3e0671649d066728d2c9882cdc0b02e1dc906d62991e929736eca6268a71223a86ef228df9739494f70de3458641dc992a4364c

memory/5188-680-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-679-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-678-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-677-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-681-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-683-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-682-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-684-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-685-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-687-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-686-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-689-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5888-695-0x0000000000400000-0x000000000051D000-memory.dmp

memory/5188-705-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-701-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-700-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-699-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-698-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-697-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-696-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-694-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-692-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-690-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-707-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-717-0x00007FF7F65B0000-0x00007FF7F65C0000-memory.dmp

memory/5188-708-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-710-0x00007FF82ADE0000-0x00007FF82ADF0000-memory.dmp

memory/5188-706-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-704-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-703-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-702-0x00007FF825BC0000-0x00007FF825BD0000-memory.dmp

memory/5188-747-0x00007FF817920000-0x00007FF817930000-memory.dmp

memory/5188-742-0x00007FF7CBB40000-0x00007FF7CBB50000-memory.dmp

memory/5188-726-0x00007FF7CBB40000-0x00007FF7CBB50000-memory.dmp

memory/5188-718-0x00007FF81C3E0000-0x00007FF81C3F0000-memory.dmp

memory/5188-810-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-808-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-802-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-800-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-790-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-788-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-776-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

memory/5188-755-0x00007FF825F90000-0x00007FF825FA0000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 37bdff817971b6660f58af56788f0b1a
SHA1 31f2bbd305efe1cc5924b7e1d5fa88ccf174cd60
SHA256 1b3e166ad57165a0c817880b70b3561084455136bf13397acbc0c909009d80cf
SHA512 17cfedb1ac07152fa4ecb20f893d22e755e190f2fa804a00938f3c0399951ad16a9b41bfe21b6830b272b24b54961af12ccb53933a45a13583d43fb85df4e3f6

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 f437d23f32f44c96619a11218010beae
SHA1 d199488c276da865fb10b4c2916c319d72da1e33
SHA256 b5e823767f65a09cac9b911355aceb6eefd3e5dcdf0e478387c1b86b0412369a
SHA512 970803613d4ea7fc0a438b9087d9b6affcfa25ed2b91dd65f68c2d74b16f0a69e2c0628448de8eb2b04d423c02243c9eecd4c3dcb89b5c920a7e66b14d4056bf

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 706883dc663c12dfa0f5aa1342671a73
SHA1 5421f6e9705e2bc75d1341f38c69e42d05eeba0c
SHA256 48274896eded305fe3254f86dbb3f0f7322c9020462f4e07de090d2ab3559ed9
SHA512 677f0cbef32e974c4e1768cff5e4279ff210c983501eca881d8228f3af0afa699388aa6e376bfabd305bca0788989673fc2d055f18899b324b389990deaa8782

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 f2aa1ca29a122342d0e8a0d2d706bf1d
SHA1 c6c874d115634bd451a53092980ad531f35f0c4a
SHA256 f20e6928534e5eeebbce2bfbbd23a2677bbc8f0b52d5d76d359d83ec1e08285b
SHA512 b1ce47d67e78f13890bab7cd5d8b71f51ca515cbfac138ef1065c7e3e746382cf9c35e4531334cf24572da7be1c049eff1707bceafac870773e01b0b614f16fd

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 a98ca243087b9f38e1b74aa54149ec29
SHA1 929d818ce6d66b9a26f528e17bccf09cb8f11a6c
SHA256 a1bf8aebdb781933a37af2392a34972267aea8d047dfdc639d0b75180a8d5102
SHA512 90d2b68534b6544f56f6ac96fea2edbc55a6d1e53fdecec0db5869b00a8ef6174ffdd029d391b4db1cfc4a6235ed54b20c9d1d7e9e0600612fa980388266643e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1a0c0ec4f9931a54b49eb975121f3bd7
SHA1 5f7ec205fbe4b2d5057359fbb8d62cc6f34d676c
SHA256 dbbfa2209195c55b19cfe2a5ff0167e462d7c93570f45e23ea002de8856321b5
SHA512 56300ab2175459426e89dc6ed8387852dea9d9ba857753b6917d24c11cddfd9c4447ca583b14f456e5302668c204dcdb423583c1a9412e4a4ff45131221036be

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 23aa88af8728eac8919ef7d12a2f1aeb
SHA1 eb27330c7d9eb4de42205a1913410c1647a68d72
SHA256 d1416b0c115d13bbd7bb9af192a45ef873848306198400913f4ba2e8f2dd9cbe
SHA512 5f540a0c3f1c8ae688bbc161e568c41c3f549ccc028a05f5d8dba079144b8c8bce3ee4416e084da4046528375cacb28941aa5ad7ba0ee2f0b4b944d00bc97897

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 813095a1a85b1aed6a7a66a602abd34f
SHA1 e0bcb72f922c6c006a9a4bd1d8213725694350d2
SHA256 d313d92bc808a886c57192ed96aeac94f82823fcbbdfaa6bfad5307e035c1b68
SHA512 5744dc3059b0423864315e57ae92c80d78acb4a795050fda404fb17d5a8cfcf2d7d04e2b036dc819ddc4626f355c0cc54de19070b6737d19ff48c44a9aa1b8c9

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

MD5 e516a60bc980095e8d156b1a99ab5eee
SHA1 238e243ffc12d4e012fd020c9822703109b987f6
SHA256 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA512 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPUS7TYC\update100[1].xml

MD5 53244e542ddf6d280a2b03e28f0646b7
SHA1 d9925f810a95880c92974549deead18d56f19c37
SHA256 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA512 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

C:\Users\Admin\AppData\Local\Temp\cg-youtube-dl-IDaP8LeYsrk-270+140.f270.mp4.part

MD5 33d3819f67b433ae81f68a05d833f1cc
SHA1 e6d1da67ace6b38424f38e9d74b5b0378c05859a
SHA256 a3e75b0a28801e8d7bf04a79ead21213fa3af7e58fcbf2571dbcb79581868d7c
SHA512 8edff9e150c72a786c6753ec18b53ef414bf4eacaf4e33a64d81ae7ccb8b8ee440a705a8bdedfd87dd35ff3e3076fe41bd3e7533567c4e07544a64f9868584b8

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 177ab9a20825884176aa5971a4af1e9e
SHA1 bdf86bd55c008bba5bbe33d5de457e822e5a318e
SHA256 3427adb07b94350f0a86d02636b13cc4fb08b21b7d5d6ce9ec8c4de60a61d0f5
SHA512 5c2a2f6c4eb3c629762dbc2019705387b2b2f81f97c8d90980b124ebc3c8f545008d4f6471e286b256be809ab6975375a99461e118ed6fd7f4a689ca2325201b

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 fb4aa59c92c9b3263eb07e07b91568b5
SHA1 6071a3e3c4338b90d892a8416b6a92fbfe25bb67
SHA256 e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9
SHA512 60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini

MD5 d503f91c0326e6a03310d06a67690ac6
SHA1 4f0c48d527d35b2f6c09d936b88337b1cfede378
SHA256 910d63e68cf3e97668dafd9f443c7dde80c6b8b4fe678f81d4ddcc27ac8a49f5
SHA512 628ae169d6bbdd93c44f45abadbb2232b4d9678ca05fd4f7dec84c4f25ee73707b8eb5ba707fa1997d4dac262c7079a70ce670973f15880772fa2c3f736c1079

C:\Users\Admin\AppData\Local\Temp\tmp82B3.tmp

MD5 5b16ef80abd2b4ace517c4e98f4ff551
SHA1 438806a0256e075239aa8bbec9ba3d3fb634af55
SHA256 bbc70091b3834af5413b9658b07269badd4cae8d96724bf1f7919f6aab595009
SHA512 69a22b063ab92ca7e941b826400c62be41ae0317143387c8aa8c727b5c9ee3528ddd4014de22a2a2e2cbae801cb041fe477d68d2684353cdf6c83d7ee97c43d4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 cc04d6015cd4395c9b980b280254156e
SHA1 87b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512 d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe

MD5 c2938eb5ff932c2540a1514cc82c197c
SHA1 2d7da1c3bfa4755ba0efec5317260d239cbb51c3
SHA256 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665
SHA512 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

MD5 771bc7583fe704745a763cd3f46d75d2
SHA1 e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA256 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 b83ac69831fd735d5f3811cc214c7c43
SHA1 5b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256 cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA512 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 72747c27b2f2a08700ece584c576af89
SHA1 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA256 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA512 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

MD5 e01cdbbd97eebc41c63a280f65db28e9
SHA1 1c2657880dd1ea10caf86bd08312cd832a967be1
SHA256 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512 ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

MD5 09773d7bb374aeec469367708fcfe442
SHA1 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA256 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512 f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

MD5 19876b66df75a2c358c37be528f76991
SHA1 181cab3db89f416f343bae9699bf868920240c8b
SHA256 a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA512 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

MD5 8347d6f79f819fcf91e0c9d3791d6861
SHA1 5591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256 e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA512 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

MD5 de5ba8348a73164c66750f70f4b59663
SHA1 1d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256 a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA512 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

MD5 f1c75409c9a1b823e846cc746903e12c
SHA1 f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256 fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512 ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

MD5 adbbeb01272c8d8b14977481108400d6
SHA1 1cc6868eec36764b249de193f0ce44787ba9dd45
SHA256 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512 c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png

MD5 57a6876000151c4303f99e9a05ab4265
SHA1 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794
SHA256 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4
SHA512 c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png

MD5 d03b7edafe4cb7889418f28af439c9c1
SHA1 16822a2ab6a15dda520f28472f6eeddb27f81178
SHA256 a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665
SHA512 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

MD5 2c7a9e323a69409f4b13b1c3244074c4
SHA1 3c77c1b013691fa3bdff5677c3a31b355d3e2205
SHA256 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2
SHA512 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

MD5 f4e9f958ed6436aef6d16ee6868fa657
SHA1 b14bc7aaca388f29570825010ebc17ca577b292f
SHA256 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b
SHA512 cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png

MD5 e593676ee86a6183082112df974a4706
SHA1 c4e91440312dea1f89777c2856cb11e45d95fe55
SHA256 deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb
SHA512 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png

MD5 13e6baac125114e87f50c21017b9e010
SHA1 561c84f767537d71c901a23a061213cf03b27a58
SHA256 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e
SHA512 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png

MD5 a23c55ae34e1b8d81aa34514ea792540
SHA1 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf
SHA256 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd
SHA512 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

MD5 552b0304f2e25a1283709ad56c4b1a85
SHA1 92a9d0d795852ec45beae1d08f8327d02de8994e
SHA256 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535
SHA512 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

MD5 22e17842b11cd1cb17b24aa743a74e67
SHA1 f230cb9e5a6cb027e6561fabf11a909aa3ba0207
SHA256 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42
SHA512 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

MD5 3c29933ab3beda6803c4b704fba48c53
SHA1 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c
SHA256 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633
SHA512 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png

MD5 1f156044d43913efd88cad6aa6474d73
SHA1 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26
SHA256 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816
SHA512 df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png

MD5 09f3f8485e79f57f0a34abd5a67898ca
SHA1 e68ae5685d5442c1b7acc567dc0b1939cad5f41a
SHA256 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3
SHA512 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png

MD5 ed306d8b1c42995188866a80d6b761de
SHA1 eadc119bec9fad65019909e8229584cd6b7e0a2b
SHA256 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301
SHA512 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png

MD5 d9d00ecb4bb933cdbb0cd1b5d511dcf5
SHA1 4e41b1eda56c4ebe5534eb49e826289ebff99dd9
SHA256 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89
SHA512 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png

MD5 096d0e769212718b8de5237b3427aacc
SHA1 4b912a0f2192f44824057832d9bb08c1a2c76e72
SHA256 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef
SHA512 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri

MD5 7473be9c7899f2a2da99d09c596b2d6d
SHA1 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac
SHA256 e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3
SHA512 a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml

MD5 5ae2d05d894d1a55d9a1e4f593c68969
SHA1 a983584f58d68552e639601538af960a34fa1da7
SHA256 d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c
SHA512 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe

MD5 9cdabfbf75fd35e615c9f85fedafce8a
SHA1 57b7fc9bf59cf09a9c19ad0ce0a159746554d682
SHA256 969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673
SHA512 348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

MD5 57bd9bd545af2b0f2ce14a33ca57ece9
SHA1 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1
SHA256 a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf
SHA512 d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39