0cd705341453bcd20ea0d533a877d955858e63e3ac79113b3029ab2f2390a848

Analysis

max time kernel
138s
max time network
138s
platform
windows7_x64
resource
win7-en
submitted
06-09-2021 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CloverPortable_3.4.5_32_64_bit.paf.exe
Size

4.9MB
MD5

714866a057e7a1baca8163c477de1649
SHA1

0c51232413e20d2f1729acc495b83a24bd9c78ff
SHA256

0cd705341453bcd20ea0d533a877d955858e63e3ac79113b3029ab2f2390a848
SHA512

955f5f122f110b06183cbdd0eb5e6973aba343a098b02d3917324eb411edd04207c813c73be926d8ef1602b73ac1ab9c7c39efecd7fcdd1d3189e63a7b2b05bf

Score

10^/10

adware persistence stealer

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Executes dropped EXE 2 IoCs

Processes:

CloverPortable.execlover.exe

pid process

1196 CloverPortable.exe
108 clover.exe
Modifies Installed Components in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

pid	process
1196	CloverPortable.exe
108	clover.exe

Loads dropped DLL 18 IoCs

Processes:

CloverPortable_3.4.5_32_64_bit.paf.exeCloverPortable.exeregsvr32.exeregsvr32.execlover.exe

pid	process
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1196	CloverPortable.exe
1196	CloverPortable.exe
1196	CloverPortable.exe
1196	CloverPortable.exe
1892	regsvr32.exe
536	regsvr32.exe
1280
1196	CloverPortable.exe
108	clover.exe
108	clover.exe
108	clover.exe
108	clover.exe

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176
Drops file in Program Files directory 1 IoCs

Processes:

clover.exe

description ioc process

File opened for modification C:\Program Files (x86)\Clover\CloverInfo.ini clover.exe
Drops file in Windows directory 1 IoCs

Processes:

clover.exe

description ioc process

File opened for modification C:\Windows\ clover.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Program Files (x86)\Clover\CloverInfo.ini	clover.exe

description	ioc	process
File opened for modification	C:\Windows\	clover.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca0000000002000000000010660000000100002000000003150e11445796bb90b82d6baee63e6e354727d1a0637bb1c3ba53895d22b79d000000000e80000000020000200000001fd03d47327e51c652ab33823a8e177a2367e97b4eefaeab502090b7482f9c13900000001c9015fb7aa5a4f8751d8e2be53ea200f99b265ffca33f28fb4d1c8b89730cbc083efcbbac324e24df8484bfd84c965d92b617c56224b54cc47e35537537600d7fcec88fb94434753a4c511f77bcd4bee37b447b4391cb8f86eab645dbba91e02c4d886a296b7a7a0a13d573f2b2b2b1f1ecf547662b9686d109eb66308fb0f54043c22c7ce7e1fc0dda958327dc1a5d4000000021ecebc9f405845243a07c656514bf86dd2f5f0ba3ad069baf058e1ed28591c893dd328daa398aff1a28acd5b2696655ca89a4a4b9854e25306f45517ed888f0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4E9B191-0EDF-11EC-A26A-524906888AEE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca00000000020000000000106600000001000020000000eef00535d4f6e19947c7634b19a74261ecb6f54f1c0bc67274346c413117a08b000000000e8000000002000020000000f60fc8bed8ae68c053160c0eb4750d046ff838bf17be4bb37fc349f3a3c6525220000000c0c7222f7baec6482426b51b45f75a2871dd0a07379ba5826360056b5249ecbe40000000cf6b06015b717649e4dec49c081f9df0e5662266bfd688f6f9da944b14aff0356adca8d8790a69c848a2e6f6ee772d2b6bdd4773c3cf587d03730f2a99bfbd51	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105937baeca2d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Modifies registry class 50 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher.1\ = "ExplorerWatcher Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\ = "IExplorerWatcher"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\VersionIndependentProgID\ = "TabHelper.ExplorerWatcher"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\TypeLib\ = "{63F1F5B5-238F-4205-B166-D1BF6E351BDC}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\ = "TabHelper 1.0 ÀàÐÍ¿â"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher\CLSID\ = "{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\InprocServer32\ = "C:\\clover\\CloverPortable\\App\\Clover\\TabHelper64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\HELPDIR\ = "C:\\clover\\CloverPortable\\App\\Clover"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\TypeLib\ = "{63F1F5B5-238F-4205-B166-D1BF6E351BDC}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3D8758D6-6EEF-453D-B910-391ABFFFD326}\ = "TabHelper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\TabHelper.DLL\AppID = "{3D8758D6-6EEF-453D-B910-391ABFFFD326}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\ = "IExplorerWatcher"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{63F1F5B5-238F-4205-B166-D1BF6E351BDC}\1.0\0\win64\ = "C:\\clover\\CloverPortable\\App\\Clover\\TabHelper64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3D8758D6-6EEF-453D-B910-391ABFFFD326}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\TabHelper.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher.1\CLSID\ = "{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher\ = "ExplorerWatcher Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\ = "ExplorerWatcher Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\TypeLib\ = "{63F1F5B5-238F-4205-B166-D1BF6E351BDC}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabHelper.ExplorerWatcher\CurVer\ = "TabHelper.ExplorerWatcher.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\ProgID\ = "TabHelper.ExplorerWatcher.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD448767-930B-442A-9F4D-EF9AA999C4E8}\ProxyStubClsid32	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

CloverPortable_3.4.5_32_64_bit.paf.exeCloverPortable.execlover.exe

pid	process
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1092	CloverPortable_3.4.5_32_64_bit.paf.exe
1196	CloverPortable.exe
108	clover.exe
108	clover.exe
108	clover.exe
108	clover.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

CloverPortable_3.4.5_32_64_bit.paf.execlover.exe

pid process

1092 CloverPortable_3.4.5_32_64_bit.paf.exe
108 clover.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	628	AUDIODG.EXE
Token: 33	628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	628	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

CloverPortable_3.4.5_32_64_bit.paf.execlover.exeiexplore.exe

pid process

1092 CloverPortable_3.4.5_32_64_bit.paf.exe
108 clover.exe
108 clover.exe
108 clover.exe
392 iexplore.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

regsvr32.exeiexplore.exeIEXPLORE.EXE

pid process

536 regsvr32.exe
392 iexplore.exe
392 iexplore.exe
1364 IEXPLORE.EXE
1364 IEXPLORE.EXE
1364 IEXPLORE.EXE
1364 IEXPLORE.EXE

pid	process
536	regsvr32.exe
392	iexplore.exe
392	iexplore.exe
1364	IEXPLORE.EXE
1364	IEXPLORE.EXE
1364	IEXPLORE.EXE
1364	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

CloverPortable.exeregsvr32.exeiexplore.exe

description	pid	process	target process
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1196 wrote to memory of 1892	1196	CloverPortable.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1892 wrote to memory of 536	1892	regsvr32.exe	regsvr32.exe
PID 1196 wrote to memory of 108	1196	CloverPortable.exe	clover.exe
PID 1196 wrote to memory of 108	1196	CloverPortable.exe	clover.exe
PID 1196 wrote to memory of 108	1196	CloverPortable.exe	clover.exe
PID 1196 wrote to memory of 108	1196	CloverPortable.exe	clover.exe
PID 392 wrote to memory of 1364	392	iexplore.exe	IEXPLORE.EXE
PID 392 wrote to memory of 1364	392	iexplore.exe	IEXPLORE.EXE
PID 392 wrote to memory of 1364	392	iexplore.exe	IEXPLORE.EXE
PID 392 wrote to memory of 1364	392	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\CloverPortable_3.4.5_32_64_bit.paf.exe
"C:\Users\Admin\AppData\Local\Temp\CloverPortable_3.4.5_32_64_bit.paf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1092

C:\clover\CloverPortable\CloverPortable.exe
"C:\clover\CloverPortable\CloverPortable.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1196

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s "C:\clover\CloverPortable\App\Clover\TabHelper64.dll"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1892

C:\Windows\system32\regsvr32.exe
/s "C:\clover\CloverPortable\App\Clover\TabHelper64.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:536

C:\clover\CloverPortable\App\Clover\clover.exe
"C:\clover\CloverPortable\App\Clover\clover.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:108

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\clover\CloverPortable\help.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:392

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:392 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:628

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\clover\CloverPortable\App\AppInfo\Launcher\CloverPortable.ini
MD5
8ccc261d861e929baa1e996042f39faa

SHA1
5d09011fc1b86d3ea941d7a0199a6b4c1511020b

SHA256
eed750f6bed913966afc1dcbec72b300de0fa215615cc00cad07ff0d5f74b989

SHA512
c4a686410d87b7c4a1cc3dca4c6cc768f3791eb7e8569f2a9cec5849499a2067b7d3b939f60d1a4d78e80cced59da0708fe5cca4845932e99a8deba4afc2690d

Download Submit
C:\clover\CloverPortable\App\AppInfo\appinfo.ini
MD5
72285d66f1e73e1b47ead92298069eaa

SHA1
d0a2bed1ff3e126b6692bb0226b1b4329d0860a5

SHA256
f3ca78a94372d85b22d61a4ffaa8c01fcc2accd3dd4e5e59cb213190c64e1ef3

SHA512
019e1f021b83964b151ab4ecc1b1103348ed08ab86c82dc1bd3f3448e57feb1cef06b0c1752369c58b87d18c92f067bf7b7f9a04cd0f1879e538a405e849d282

Download Submit
C:\clover\CloverPortable\App\Clover\Clover.exe
MD5
c9ca9bb3f1d61124d91dda59abc59ca6

SHA1
f5afd79987e2dba8007c1ea32bb7ecd3503cdd61

SHA256
326f2ddb3ce43ce64de3e4e97464aa3bfdde604a93bf9f7141b9de7fc8367f13

SHA512
97d361f0e5660aae5019c3684e4dda341e98384f9b262aa3fe8e1124eb77adcfd7fed38c597ed4065259e754991170a4ccecf4fff8b4de3087c351dae1a0af8e

Download Submit
C:\clover\CloverPortable\App\Clover\Clover.exe
MD5
c9ca9bb3f1d61124d91dda59abc59ca6

SHA1
f5afd79987e2dba8007c1ea32bb7ecd3503cdd61

SHA256
326f2ddb3ce43ce64de3e4e97464aa3bfdde604a93bf9f7141b9de7fc8367f13

SHA512
97d361f0e5660aae5019c3684e4dda341e98384f9b262aa3fe8e1124eb77adcfd7fed38c597ed4065259e754991170a4ccecf4fff8b4de3087c351dae1a0af8e

Download Submit
C:\clover\CloverPortable\App\Clover\CloverInfo.ini
MD5
728aa91876960c627c5ebff60fbf9557

SHA1
5fb582e97cab7a3583eed18a80d89e9afb8abdf9

SHA256
5d0c2e0ab5aac555c69c73b2cecb6937d263aa484c02e2e08453a8c121c3b72f

SHA512
b1bcebc7ddbc650d0eacf1830a7a1e0fe40a90e079c33ce4658d91ac3fcfc0d1db4160ac31b481b525453e3a5fcd558a5e83b2dcfc9b2ff794ef0c4bda0797b2

Download Submit
C:\clover\CloverPortable\App\Clover\TabHelper64.dll
MD5
643d2b4e7c1c0b8b01d2fd41a924af80

SHA1
64a8665c98c4af9c97e8d937994c0a5bcd73d221

SHA256
e02c54b4f65d73b90a009e404464061e5f08be962f8268a79431b9683678e5ac

SHA512
3c31370ac2a75465dd2c4de635a5d18be8d8c6ac4055398dd4b05d5b9566de3ff9518dcc3c893326d388ed9b4985d0553cb01c94b6aaa145eb0c6429097f1061

Download Submit
C:\clover\CloverPortable\App\Clover\UtilWnd.dll
MD5
a72206185fa4e7d05445fc26658541ff

SHA1
89a3140230ab3dec3e49aa6a5017f869049242c1

SHA256
bb88206baf5fdc39cc1460ec253d14ed1b18acc16ef94b7610d074069267b0e3

SHA512
414b8a2832346b53579be13185870a3ffd1a3c09a9b40ec3ff956c5211af47061fabab14a40545c62794fad5993048fd3190a59de1279e0c2f3e786659b3a9c0

Download Submit
C:\clover\CloverPortable\App\Clover\clover_dll.dll
MD5
b4f7eae217bb80fdab69e7f87917dbb8

SHA1
5729c7c9c249699112fb125de3acc8040ac7b288

SHA256
42066fa459f09670b73545010dd9f3fd1227d4468a76d8d524e2ab4eee7c0b4a

SHA512
79dafae8d4fb6121988d598f27bf8135bc0180a78b39b2ebae8a82dfe67d78dd48b6fb9e23314553af577167c64e4c4b8edf8503fd3db305fe47e48b2fdb8a06

Download Submit
C:\clover\CloverPortable\App\Clover\config.ini
MD5
d7d66be46af50158d165b6e0a7521c33

SHA1
64930d3845b6851d9afb3ec13f76bdcaaefc0a98

SHA256
879ead9cb74cc12f2efd84d2270fe0ecdfb526bb6b645d750c78d4a293c0bea5

SHA512
db10ceb3b4223ad4b197f200d7ddc1acf2821bcd8681b9aba756ecdfeed496a50f809cac73ddffd164cbd50a37c8ac50d538c84d97765c41b6031e374a127821

Download Submit
C:\clover\CloverPortable\App\Clover\lang\lang_index.xml
MD5
927c5543cbee0f8a06f2589b84d75781

SHA1
d8a1e253eca91eb0718036bd7138205748c2e2f9

SHA256
b2165610c2519de6580e80a208d4126976314cfec60ab08918cc335b937d7e65

SHA512
73ff9f7c3d988bfcf286035731bc595356f488bff691de762426c20beeb78b586d3bb8cbaf1c9eb3fd6f334c397558d1297757b8e793e10c0e9a0787678b46ad

Download Submit
C:\clover\CloverPortable\App\Clover\lang\uires_en.dll
MD5
1e2310c7fad9847a25d199c7fa9d5af7

SHA1
54847d240e67c9ecca37b039a46b6908480d38c0

SHA256
edf0ec48019fe0161fc6189af0d8d5beb1176e2504fcffaa9f214e6aac7177e0

SHA512
ba67a7b89430f0641938eec315001878d37d704341915d2fd06949fb6183f4989be16054a980488ec25d1aa328962bad163b2ef584526533ff872c31cfa833eb

Download Submit
C:\clover\CloverPortable\App\Clover\login_ui.dll
MD5
e1475455e203479d38a4820389d9fe7e

SHA1
ff7739f5edc2f821cdec5ecef0792c9b46271ee6

SHA256
00e3be53d7b4aaa41d62f52ecdf21034444e98bd1c864d3ae265a64f40e3d3ed

SHA512
b93826c0543cc0b38c679cfea1a96d5e58bcbb1e7999fdf7b501db28e9e7c5b552a37899784a53567164d61e1859c0227e55d9f0885a877f26845ea823eeb244

Download Submit
C:\clover\CloverPortable\App\DefaultData\config.ini
MD5
a2c747624984d18bab5b68862895f7e9

SHA1
4628896a7690591667ea2cbfe4c97424e4d9e996

SHA256
deab39ae9f51231caf91585f9310f599eecb0933d8b3075bab9f4b12ad270b45

SHA512
2f324321f55ff245a3daf81d1d7068bdfcf7ee3e01a8a3528c7ad9b30f398d23c8e05048a755fd916e00691107ea269c63a5d964811777437cec9142663b9bcf

Download Submit
C:\clover\CloverPortable\CloverPortable.exe
MD5
b3f430a233fa273f0554fdbc1743fbeb

SHA1
5ba152852ea1756afd0363d851df985059c17997

SHA256
69ee78a5f75592ca942ad0be3880004466f7f55942a09d03a4161f3fba99a909

SHA512
6100ce0f4deba7cf3d278bea4fe20f2e881e8faff2f688a8747f6b68345c08f0dd4313bdfcdded2651d65c4dbb01322580f6c8325d7478d23efaefc14a0487d3

Download Submit
C:\clover\CloverPortable\CloverPortable.exe
MD5
b3f430a233fa273f0554fdbc1743fbeb

SHA1
5ba152852ea1756afd0363d851df985059c17997

SHA256
69ee78a5f75592ca942ad0be3880004466f7f55942a09d03a4161f3fba99a909

SHA512
6100ce0f4deba7cf3d278bea4fe20f2e881e8faff2f688a8747f6b68345c08f0dd4313bdfcdded2651d65c4dbb01322580f6c8325d7478d23efaefc14a0487d3

Download Submit
C:\clover\CloverPortable\Other\Help\Images\Help_Background_Footer.png
MD5
0e766f7413509a8e33e7b244ff66d5d6

SHA1
6af03588e216295499b0530c3716800fd17c23b8

SHA256
59b252968ddb3bfc0c29a9d6c03f1f940aed4153340fd6191d487a678c051a99

SHA512
7665bf1bf0b67ef7264f6295e449f2ee044f176a314b31b4273f3784eedb39b4957fd1c8e15ea20f4095acef5acee2206339cf5ca835ae653279ad45f87ad74c

Download Submit
C:\clover\CloverPortable\Other\Help\Images\Help_Background_Header.png
MD5
f9d5be46a3b53651f10271ca7e7a8077

SHA1
acd403722c586f01b8c75e19b384baaed1141d85

SHA256
d70104d9ee96cad48c64f303a82df3927135cbc15140af1751980dc5379ebe28

SHA512
a4bd0e5904c6bb1a14f82765dca8f5057e909dfb758949007c992a2b81dda0ac9450c7059b8e59b01ecb2caa8e86107233116adc56c7afcf94d35db3c5339fa1

Download Submit
C:\clover\CloverPortable\Other\Help\Images\Sourceforge_logo.png
MD5
076df09bf31ca9524735f3ba9817789b

SHA1
95c0848fbc46a061eae54cb1c9a2ba1b4626746f

SHA256
a11e4bd06d6fe424a6b9ef8a4d2d724089487db2b619781506d0f5091fc488d9

SHA512
a018479db436565eb931107edda2d759dc953063f24f394724d9f13c957fc353fa73e96be5d0f7ba39403e70ba52a4a8802b98f99a04ec2f8fa1140371a27d74

Download Submit
C:\clover\CloverPortable\Other\Help\Images\help_logo_top _new.png
MD5
df26227b593f53ae1930e2bd7576fe8b

SHA1
1f529a4b0f4db037ca6a9ba51bbbccbbbe7ad526

SHA256
cf709be72aa59f5ca2642baad4d749ca2d9e43a1c8b4af9b0a89c958390a449e

SHA512
ce03c4de46581d474053c9b74ac23a3d7e73b439c20adba32ea7b965ac9a89b07e836cdd2105f7b37af2996c187178034f5ce0b7ec612a1053909f6ab0671205

Download Submit
C:\clover\CloverPortable\Other\Help\Images\thumbapps _logo256.png
MD5
8642e8ddd68ea7b17964e966ee9a28b0

SHA1
02e6eb1c48e973dafb230f81ec9e14608206bfa3

SHA256
7749bc4255c41a20273ffcbcea30f110fa65e4d540de239b075f099d065f507a

SHA512
fc783c4a78c120a6b5b5a5bf694a13eee251b98be53f4a023453d6909951f71dea77e61c3352e574290dfe992a7f1f4a9d229c11e2e36f7f60d1b6b4b96f8a07

Download Submit
C:\clover\CloverPortable\help.html
MD5
f5e53feac7009e37b4d21766e359f64b

SHA1
d3bf1f8b2a8b94a51cc725680b0825b671cc3c68

SHA256
db102fd5ea719c976ad8f7b6074a1bc53878080cdba74dd67e87beb9e87e4169

SHA512
cc9a71c95c35aa3e79ebec8d9abb822673610d7de3a853d02fa3a5ed1d7f8e4be72b67f7c4afcb6466c0d0ad0f5c567a325962c6490868fc0988e0ac951aa98e

Download Submit
\Users\Admin\AppData\Local\Temp\nssF182.tmp\FindProcDLL.dll
MD5
ba4c1dfe226d573d516c0529f263011e

SHA1
d726e947633ea75c09bba1cb6a14a79ce953be24

SHA256
2ffe1ac2555e822b4a383996168031e456f09f9cf3bb763fccee35be178cf58a

SHA512
73d607f0cc27eb3b1966911edf669417249bbcaa2d07f037cb3d3d3eaf368110e7e683d0e2186b06820302cd17041d5f60adab1d0ad0ebc03e34075cea37f5f8

Download Submit
\Users\Admin\AppData\Local\Temp\nssF182.tmp\LangDLL.dll
MD5
3dd80dff583544514eeb3a5ed851a519

SHA1
56f7324d9d4230c96d1963e7b3e02b05a6cf5c24

SHA256
86cff5eaca76c49f924cb123d242fdcfd45ab99c4b638d3b8f4a8cfb1970ab5b

SHA512
955f4df195b5d134449904e9020f80125cfb64d70d9482ff583451f3fcb10d15577ceac4180f71a96452d8478f6365160ab15731f9a79a494383087c9310fd1d

Download Submit
\Users\Admin\AppData\Local\Temp\nssF182.tmp\System.dll
MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nssF182.tmp\System.dll
MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nssF182.tmp\nsDialogs.dll
MD5
ca95c9da8cef7062813b989ab9486201

SHA1
c555af25df3de51aa18d487d47408d5245dba2d1

SHA256
feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be

SHA512
a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9

Download Submit
\Users\Admin\AppData\Local\Temp\nssF182.tmp\w7tbp.dll
MD5
9a3031cc4cef0dba236a28eecdf0afb5

SHA1
708a76aa56f77f1b0ebc62b023163c2e0426f3ac

SHA256
53bb519e3293164947ac7cbd7e612f637d77a7b863e3534ba1a7e39b350d3c00

SHA512
8fddde526e7d10d77e247ea80b273beae9dde1d4112806f1f5c3e6a409247d54d8a4445ab5bdd77025a434c3d1dcfdf480dac21abbdb13a308d5eb74517fab53

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFDC2.tmp\System.dll
MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFDC2.tmp\UAC.dll
MD5
a88baad3461d2e9928a15753b1d93fd7

SHA1
bb826e35264968bbc3b981d8430ac55df1e6d4a6

SHA256
c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

SHA512
5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFDC2.tmp\nsExec.dll
MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsyFDC2.tmp\registry.dll
MD5
2880bf3bbbc8dcaeb4367df8a30f01a8

SHA1
cb5c65eae4ae923514a67c95ada2d33b0c3f2118

SHA256
acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

SHA512
ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

Download Submit
\clover\CloverPortable\App\Clover\Clover.exe
MD5
c9ca9bb3f1d61124d91dda59abc59ca6

SHA1
f5afd79987e2dba8007c1ea32bb7ecd3503cdd61

SHA256
326f2ddb3ce43ce64de3e4e97464aa3bfdde604a93bf9f7141b9de7fc8367f13

SHA512
97d361f0e5660aae5019c3684e4dda341e98384f9b262aa3fe8e1124eb77adcfd7fed38c597ed4065259e754991170a4ccecf4fff8b4de3087c351dae1a0af8e

Download Submit
\clover\CloverPortable\App\Clover\TabHelper64.dll
MD5
643d2b4e7c1c0b8b01d2fd41a924af80

SHA1
64a8665c98c4af9c97e8d937994c0a5bcd73d221

SHA256
e02c54b4f65d73b90a009e404464061e5f08be962f8268a79431b9683678e5ac

SHA512
3c31370ac2a75465dd2c4de635a5d18be8d8c6ac4055398dd4b05d5b9566de3ff9518dcc3c893326d388ed9b4985d0553cb01c94b6aaa145eb0c6429097f1061

Download Submit
\clover\CloverPortable\App\Clover\TabHelper64.dll
MD5
643d2b4e7c1c0b8b01d2fd41a924af80

SHA1
64a8665c98c4af9c97e8d937994c0a5bcd73d221

SHA256
e02c54b4f65d73b90a009e404464061e5f08be962f8268a79431b9683678e5ac

SHA512
3c31370ac2a75465dd2c4de635a5d18be8d8c6ac4055398dd4b05d5b9566de3ff9518dcc3c893326d388ed9b4985d0553cb01c94b6aaa145eb0c6429097f1061

Download Submit
\clover\CloverPortable\App\Clover\TabHelper64.dll
MD5
643d2b4e7c1c0b8b01d2fd41a924af80

SHA1
64a8665c98c4af9c97e8d937994c0a5bcd73d221

SHA256
e02c54b4f65d73b90a009e404464061e5f08be962f8268a79431b9683678e5ac

SHA512
3c31370ac2a75465dd2c4de635a5d18be8d8c6ac4055398dd4b05d5b9566de3ff9518dcc3c893326d388ed9b4985d0553cb01c94b6aaa145eb0c6429097f1061

Download Submit
\clover\CloverPortable\App\Clover\UtilWnd.dll
MD5
a72206185fa4e7d05445fc26658541ff

SHA1
89a3140230ab3dec3e49aa6a5017f869049242c1

SHA256
bb88206baf5fdc39cc1460ec253d14ed1b18acc16ef94b7610d074069267b0e3

SHA512
414b8a2832346b53579be13185870a3ffd1a3c09a9b40ec3ff956c5211af47061fabab14a40545c62794fad5993048fd3190a59de1279e0c2f3e786659b3a9c0

Download Submit
\clover\CloverPortable\App\Clover\clover_dll.dll
MD5
b4f7eae217bb80fdab69e7f87917dbb8

SHA1
5729c7c9c249699112fb125de3acc8040ac7b288

SHA256
42066fa459f09670b73545010dd9f3fd1227d4468a76d8d524e2ab4eee7c0b4a

SHA512
79dafae8d4fb6121988d598f27bf8135bc0180a78b39b2ebae8a82dfe67d78dd48b6fb9e23314553af577167c64e4c4b8edf8503fd3db305fe47e48b2fdb8a06

Download Submit
\clover\CloverPortable\App\Clover\lang\uires_en.dll
MD5
1e2310c7fad9847a25d199c7fa9d5af7

SHA1
54847d240e67c9ecca37b039a46b6908480d38c0

SHA256
edf0ec48019fe0161fc6189af0d8d5beb1176e2504fcffaa9f214e6aac7177e0

SHA512
ba67a7b89430f0641938eec315001878d37d704341915d2fd06949fb6183f4989be16054a980488ec25d1aa328962bad163b2ef584526533ff872c31cfa833eb

Download Submit
\clover\CloverPortable\App\Clover\login_ui.dll
MD5
e1475455e203479d38a4820389d9fe7e

SHA1
ff7739f5edc2f821cdec5ecef0792c9b46271ee6

SHA256
00e3be53d7b4aaa41d62f52ecdf21034444e98bd1c864d3ae265a64f40e3d3ed

SHA512
b93826c0543cc0b38c679cfea1a96d5e58bcbb1e7999fdf7b501db28e9e7c5b552a37899784a53567164d61e1859c0227e55d9f0885a877f26845ea823eeb244

Download Submit
memory/108-82-0x0000000000000000-mapping.dmp

Download
memory/536-77-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

Filesize
8KB

Download
memory/536-76-0x0000000000000000-mapping.dmp

Download
memory/1092-53-0x0000000074E61000-0x0000000074E63000-memory.dmp

Filesize
8KB

Download
memory/1092-59-0x0000000074411000-0x0000000074413000-memory.dmp

Filesize
8KB

Download
memory/1196-70-0x0000000004AC0000-0x0000000004B23000-memory.dmp

Filesize
396KB

Download
memory/1364-96-0x0000000000000000-mapping.dmp

Download
memory/1892-72-0x0000000000000000-mapping.dmp

Download