f980e92af3341650819ca6c985294ebe0aa78d38bdfe249536d7ec7f2efc6ecf

Analysis

max time kernel
123s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clipgrab-3.9.7-dotinstaller.exe
Size

2.8MB
MD5

0f29445baa824f6729cbda3d90b15cec
SHA1

572195b4193529d842653e678eeec7dc3544ee2f
SHA256

f980e92af3341650819ca6c985294ebe0aa78d38bdfe249536d7ec7f2efc6ecf
SHA512

a05bb0cb18d3c7e0ce5795397beeaee90078c272afccf5211d911eae4bc39078bed7da22c528e77ed4daea1c1b4e736c2f361cdb6e525e4132ba4793e433cc81
SSDEEP

49152:9qe3f6PUk/4g+H98AHaCfu6rtWBu1SSmqOIzDamifOL9T9vEXv:MSiPUk/XE9vBugtL1SNaRLh9vEXv

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe

Executes dropped EXE 32 IoCs

pid	Process
5064	clipgrab-3.9.7-dotinstaller.tmp
1824	clipgrab-3.9.7-portable.exe
4612	clipgrab-3.9.7-portable.tmp
4876	vc_redist.x86.exe
5008	vc_redist.x86.exe
1980	clipgrab.exe
4056	ffmpeg.exe
3980	ffmpeg.exe
1300	python.exe
4148	python.exe
3948	python.exe
2492	python.exe
5080	python.exe
1424	python.exe
1208	python.exe
876	python.exe
2304	python.exe
4560	python.exe
4924	python.exe
4640	python.exe
4504	python.exe
3044	QtWebEngineProcess.exe
3668	QtWebEngineProcess.exe
2108	QtWebEngineProcess.exe
3712	python.exe
4320	python.exe
2536	python.exe
980	python.exe
1480	QtWebEngineProcess.exe
4828	python.exe
816	python.exe
448	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
5064	clipgrab-3.9.7-dotinstaller.tmp
5064	clipgrab-3.9.7-dotinstaller.tmp
5064	clipgrab-3.9.7-dotinstaller.tmp
5008	vc_redist.x86.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1300	python.exe
1300	python.exe
4148	python.exe
4148	python.exe
3948	python.exe
3948	python.exe
2492	python.exe
2492	python.exe
5080	python.exe
5080	python.exe
1424	python.exe
1424	python.exe
1208	python.exe
1208	python.exe
876	python.exe
876	python.exe
2304	python.exe
2304	python.exe
4560	python.exe
4560	python.exe
4924	python.exe
4924	python.exe
4640	python.exe
4640	python.exe
4504	python.exe
4504	python.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ClipGrab\is-NQABQ.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-TNTQA.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-0DIUA.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-5GL3N.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-UDBOD.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Qml.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\clipgrab.exe	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-6M80P.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-27108.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\position\is-FSD3P.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-0RNNQ.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-5KCAO.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-ER1HN.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-RVVCT.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-6CK4E.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-P861I.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-F6HHO.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-VHVUS.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\bearer\is-6R9EI.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\resources\is-MGJTH.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\imageformats\is-F7VKC.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Xml.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-7LNAM.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\python\sqlite3.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\ffmpeg.exe	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-R7BCV.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5SerialPort.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-0HF70.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\imageformats\is-1SB6D.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-OK9SJ.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\unins000.dat	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Svg.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\imageformats\qjpeg.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\opengl32sw.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\imageformats\qgif.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-F494C.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-70CSF.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-F7C1P.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\python\python3.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5WebEngineCore.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\python\libssl-1_1.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-6J7J1.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-M4SF7.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\libGLESV2.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-6ANUL.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-6PFAA.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\iconengines\qsvgicon.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-9FTTA.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-JOUJN.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\libEGL.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\resources\is-8MN4O.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-V9Q9R.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Gui.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\unins000.dat	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-90D1S.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\position\is-VA6BH.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\resources\is-2C3BG.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\imageformats\qwbmp.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Quick.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll	clipgrab-3.9.7-portable.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
336	5064	WerFault.exe	83

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 19000000010000001000000060e2dc65295f1062e558f3fef235ed3c030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e1d000000010000001000000054e2cd85ba79cda018fed9e6a863aa461400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b276200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f553000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000132020004700320000000f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b052000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	clipgrab.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	clipgrab.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 0f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b050b000000010000005400000053007400610072006600690065006c006400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200013202000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c06200000001000000200000002ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f51400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b271d000000010000001000000054e2cd85ba79cda018fed9e6a863aa46030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	clipgrab.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	clipgrab.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	clipgrab.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	clipgrab.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E	clipgrab.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	clipgrab.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	clipgrab.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1980	clipgrab.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4612	clipgrab-3.9.7-portable.tmp
4612	clipgrab-3.9.7-portable.tmp
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3668	QtWebEngineProcess.exe
3668	QtWebEngineProcess.exe
2108	QtWebEngineProcess.exe
2108	QtWebEngineProcess.exe
1480	QtWebEngineProcess.exe
1480	QtWebEngineProcess.exe
448	QtWebEngineProcess.exe
448	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1980	clipgrab.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: 35	1300	python.exe
Token: 35	4148	python.exe
Token: 35	3948	python.exe
Token: 35	2492	python.exe
Token: 35	5080	python.exe
Token: 35	1424	python.exe
Token: 35	1208	python.exe
Token: 35	876	python.exe
Token: 35	4560	python.exe
Token: 35	4924	python.exe
Token: 35	4640	python.exe
Token: 35	4504	python.exe
Token: 35	3712	python.exe
Token: 35	4320	python.exe
Token: 35	2536	python.exe
Token: 35	980	python.exe
Token: 35	4828	python.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
5064	clipgrab-3.9.7-dotinstaller.tmp
4612	clipgrab-3.9.7-portable.tmp
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5064	clipgrab-3.9.7-dotinstaller.tmp
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe
1980	clipgrab.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 5064	3324	clipgrab-3.9.7-dotinstaller.exe	83
PID 3324 wrote to memory of 5064	3324	clipgrab-3.9.7-dotinstaller.exe	83
PID 3324 wrote to memory of 5064	3324	clipgrab-3.9.7-dotinstaller.exe	83
PID 5064 wrote to memory of 1824	5064	clipgrab-3.9.7-dotinstaller.tmp	91
PID 5064 wrote to memory of 1824	5064	clipgrab-3.9.7-dotinstaller.tmp	91
PID 5064 wrote to memory of 1824	5064	clipgrab-3.9.7-dotinstaller.tmp	91
PID 1824 wrote to memory of 4612	1824	clipgrab-3.9.7-portable.exe	92
PID 1824 wrote to memory of 4612	1824	clipgrab-3.9.7-portable.exe	92
PID 1824 wrote to memory of 4612	1824	clipgrab-3.9.7-portable.exe	92
PID 4612 wrote to memory of 4876	4612	clipgrab-3.9.7-portable.tmp	94
PID 4612 wrote to memory of 4876	4612	clipgrab-3.9.7-portable.tmp	94
PID 4612 wrote to memory of 4876	4612	clipgrab-3.9.7-portable.tmp	94
PID 4876 wrote to memory of 5008	4876	vc_redist.x86.exe	96
PID 4876 wrote to memory of 5008	4876	vc_redist.x86.exe	96
PID 4876 wrote to memory of 5008	4876	vc_redist.x86.exe	96
PID 5064 wrote to memory of 1980	5064	clipgrab-3.9.7-dotinstaller.tmp	97
PID 5064 wrote to memory of 1980	5064	clipgrab-3.9.7-dotinstaller.tmp	97
PID 5064 wrote to memory of 1980	5064	clipgrab-3.9.7-dotinstaller.tmp	97
PID 1980 wrote to memory of 4056	1980	clipgrab.exe	99
PID 1980 wrote to memory of 4056	1980	clipgrab.exe	99
PID 1980 wrote to memory of 4056	1980	clipgrab.exe	99
PID 1980 wrote to memory of 3980	1980	clipgrab.exe	104
PID 1980 wrote to memory of 3980	1980	clipgrab.exe	104
PID 1980 wrote to memory of 3980	1980	clipgrab.exe	104
PID 1980 wrote to memory of 1300	1980	clipgrab.exe	105
PID 1980 wrote to memory of 1300	1980	clipgrab.exe	105
PID 1980 wrote to memory of 1300	1980	clipgrab.exe	105
PID 1980 wrote to memory of 4148	1980	clipgrab.exe	107
PID 1980 wrote to memory of 4148	1980	clipgrab.exe	107
PID 1980 wrote to memory of 4148	1980	clipgrab.exe	107
PID 1980 wrote to memory of 3948	1980	clipgrab.exe	109
PID 1980 wrote to memory of 3948	1980	clipgrab.exe	109
PID 1980 wrote to memory of 3948	1980	clipgrab.exe	109
PID 1980 wrote to memory of 2492	1980	clipgrab.exe	111
PID 1980 wrote to memory of 2492	1980	clipgrab.exe	111
PID 1980 wrote to memory of 2492	1980	clipgrab.exe	111
PID 1980 wrote to memory of 5080	1980	clipgrab.exe	113
PID 1980 wrote to memory of 5080	1980	clipgrab.exe	113
PID 1980 wrote to memory of 5080	1980	clipgrab.exe	113
PID 1980 wrote to memory of 1424	1980	clipgrab.exe	115
PID 1980 wrote to memory of 1424	1980	clipgrab.exe	115
PID 1980 wrote to memory of 1424	1980	clipgrab.exe	115
PID 1980 wrote to memory of 1208	1980	clipgrab.exe	117
PID 1980 wrote to memory of 1208	1980	clipgrab.exe	117
PID 1980 wrote to memory of 1208	1980	clipgrab.exe	117
PID 1980 wrote to memory of 876	1980	clipgrab.exe	119
PID 1980 wrote to memory of 876	1980	clipgrab.exe	119
PID 1980 wrote to memory of 876	1980	clipgrab.exe	119
PID 1980 wrote to memory of 2304	1980	clipgrab.exe	121
PID 1980 wrote to memory of 2304	1980	clipgrab.exe	121
PID 1980 wrote to memory of 2304	1980	clipgrab.exe	121
PID 1980 wrote to memory of 4560	1980	clipgrab.exe	123
PID 1980 wrote to memory of 4560	1980	clipgrab.exe	123
PID 1980 wrote to memory of 4560	1980	clipgrab.exe	123
PID 1980 wrote to memory of 4924	1980	clipgrab.exe	125
PID 1980 wrote to memory of 4924	1980	clipgrab.exe	125
PID 1980 wrote to memory of 4924	1980	clipgrab.exe	125
PID 1980 wrote to memory of 4640	1980	clipgrab.exe	127
PID 1980 wrote to memory of 4640	1980	clipgrab.exe	127
PID 1980 wrote to memory of 4640	1980	clipgrab.exe	127
PID 1980 wrote to memory of 4504	1980	clipgrab.exe	129
PID 1980 wrote to memory of 4504	1980	clipgrab.exe	129
PID 1980 wrote to memory of 4504	1980	clipgrab.exe	129
PID 1980 wrote to memory of 3044	1980	clipgrab.exe	131

C:\Users\Admin\AppData\Local\Temp\clipgrab-3.9.7-dotinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\clipgrab-3.9.7-dotinstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Users\Admin\AppData\Local\Temp\is-AUBB2.tmp\clipgrab-3.9.7-dotinstaller.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AUBB2.tmp\clipgrab-3.9.7-dotinstaller.tmp" /SL5="$E0046,1907617,1111552,C:\Users\Admin\AppData\Local\Temp\clipgrab-3.9.7-dotinstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\clipgrab-3.9.7-portable.exe
    "C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\clipgrab-3.9.7-portable.exe" /VERYSILENT
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\is-POPK3.tmp\clipgrab-3.9.7-portable.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-POPK3.tmp\clipgrab-3.9.7-portable.tmp" /SL5="$701C4,72952445,791040,C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\clipgrab-3.9.7-portable.exe" /VERYSILENT
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\is-S76EA.tmp\vc_redist.x86.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-S76EA.tmp\vc_redist.x86.exe" /install /passive /silent /norestart
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4876
      - C:\Windows\Temp\{F9107BE8-AC93-4C84-9C0E-A6E7A9A0717B}\.cr\vc_redist.x86.exe
        
        "C:\Windows\Temp\{F9107BE8-AC93-4C84-9C0E-A6E7A9A0717B}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-S76EA.tmp\vc_redist.x86.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540 /install /passive /silent /norestart
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5008
- - C:\Program Files (x86)\ClipGrab\clipgrab.exe
    "C:\Program Files (x86)\ClipGrab\clipgrab.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - C:\Program Files (x86)\ClipGrab\ffmpeg.exe
      ffmpeg -v quiet
      4⤵
      Executes dropped EXE
      PID:4056
  - - C:\Program Files (x86)\ClipGrab\ffmpeg.exe
      ffmpeg -formats
      4⤵
      Executes dropped EXE
      PID:3980
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:1300
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4148
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:3948
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:2492
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:5080
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:1424
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:1208
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:876
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2304
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4560
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4924
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4640
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4504
  - - C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
      "C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=4506921405793603299 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4506921405793603299 --renderer-client-id=2 --mojo-platform-channel-handle=2356 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3044
  - - C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
      "C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=16137689071925531692 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16137689071925531692 --renderer-client-id=4 --mojo-platform-channel-handle=2872 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:2108
  - - C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
      "C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=5200157421974854125 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5200157421974854125 --renderer-client-id=3 --mojo-platform-channel-handle=2848 /prefetch:1
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:3668
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3712
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" "" --version
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4320
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2536
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp --version
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4828
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" C:/Users/Admin/AppData/Roaming/ClipGrab/ClipGrab/yt-dlp -J https://www.youtube.com/playlist?list=PL6B3937A5D230E335 --yes-playlist --flat-playlist
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:980
  - - C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
      "C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=12786265626947428876 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12786265626947428876 --renderer-client-id=5 --mojo-platform-channel-handle=3892 /prefetch:1
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1480
  - - C:\Program Files (x86)\ClipGrab\python\python.exe
      "C:\Program Files (x86)\ClipGrab\python\python.exe" --version
      4⤵
      Executes dropped EXE
      PID:816
  - - C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe
      "C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-databases --disable-gpu-compositing --service-pipe-token=7186590497818500787 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7186590497818500787 --renderer-client-id=6 --mojo-platform-channel-handle=2452 /prefetch:1
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 1800
    3⤵
    - Program crash
    PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5064 -ip 5064
1⤵
PID:2064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ClipGrab\Qt5Core.dll

Filesize
4.9MB

MD5
357cf7f517757f0689030f196dd7edc0

SHA1
248ae43e160e80c81718a9f26544be4e535cf20a

SHA256
fd3dd9dcc286e6d36cb7b3fc90c8f7f683d2e9eb449e0433af70118e726d3fe1

SHA512
f938d4e81c46bb2d4cea587a9040e6a9eac44942654e07f6b17b3e4d27d31d03b3b5226004a2e981e6c9eaf0c2faf42957607f278c9978f6033c901c93217b7f

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Core.dll

Filesize
4.9MB

MD5
357cf7f517757f0689030f196dd7edc0

SHA1
248ae43e160e80c81718a9f26544be4e535cf20a

SHA256
fd3dd9dcc286e6d36cb7b3fc90c8f7f683d2e9eb449e0433af70118e726d3fe1

SHA512
f938d4e81c46bb2d4cea587a9040e6a9eac44942654e07f6b17b3e4d27d31d03b3b5226004a2e981e6c9eaf0c2faf42957607f278c9978f6033c901c93217b7f

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Gui.dll

Filesize
5.1MB

MD5
c8bb97d7265ae7327eab7432c6496cf3

SHA1
c8ecab5cc7872a08ebb81edd00e95db85d56d6b5

SHA256
bd149755a4b0b7d721f9a355717855f488b16d8cbe177d0d88d9990359f5d4d5

SHA512
ec8c71336ff97e54252b3f8558a0471f8a14821ae91f90a32f1e9284eddfba6106d85eff25d5cf19d5273acaedb9ec23daf84e273ec0d6939e3c694e5da47085

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Gui.dll

Filesize
5.1MB

MD5
c8bb97d7265ae7327eab7432c6496cf3

SHA1
c8ecab5cc7872a08ebb81edd00e95db85d56d6b5

SHA256
bd149755a4b0b7d721f9a355717855f488b16d8cbe177d0d88d9990359f5d4d5

SHA512
ec8c71336ff97e54252b3f8558a0471f8a14821ae91f90a32f1e9284eddfba6106d85eff25d5cf19d5273acaedb9ec23daf84e273ec0d6939e3c694e5da47085

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Gui.dll

Filesize
5.1MB

MD5
c8bb97d7265ae7327eab7432c6496cf3

SHA1
c8ecab5cc7872a08ebb81edd00e95db85d56d6b5

SHA256
bd149755a4b0b7d721f9a355717855f488b16d8cbe177d0d88d9990359f5d4d5

SHA512
ec8c71336ff97e54252b3f8558a0471f8a14821ae91f90a32f1e9284eddfba6106d85eff25d5cf19d5273acaedb9ec23daf84e273ec0d6939e3c694e5da47085

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Network.dll

Filesize
1.0MB

MD5
08b5fcf0369a4923befb05a3e7b91998

SHA1
4d44449f027120d59bd0c9725dcfe02102acc82e

SHA256
de3ef3d9ac16b03a6da9cc076bba081142ccd4a306777b6d1bbaa60980e20723

SHA512
629a3c3b3fd6c36a0a9ec93bbd325bd78e5044279720a32eb79041b08989f575c99992f352d710c167b79c19498fa002ae85afbb080302fb001ed0b44465eb06

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Network.dll

Filesize
1.0MB

MD5
08b5fcf0369a4923befb05a3e7b91998

SHA1
4d44449f027120d59bd0c9725dcfe02102acc82e

SHA256
de3ef3d9ac16b03a6da9cc076bba081142ccd4a306777b6d1bbaa60980e20723

SHA512
629a3c3b3fd6c36a0a9ec93bbd325bd78e5044279720a32eb79041b08989f575c99992f352d710c167b79c19498fa002ae85afbb080302fb001ed0b44465eb06

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll

Filesize
259KB

MD5
92aa5c44793603758874f87ecc5c88ce

SHA1
f368193467f61e0edb4864422085e70770c88d76

SHA256
798cc99af70288093bfd09a5addfd55a80f9652e7dc79f0b51f7760c47de2c9e

SHA512
459b97983c236ad76438615dad7174aa64561c9a0d9fcda7f290411237d97411f503d2dbb2d90f0c61fc229a872971a96ab61bf7b9bfb8b1ea840f4621d10910

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll

Filesize
259KB

MD5
92aa5c44793603758874f87ecc5c88ce

SHA1
f368193467f61e0edb4864422085e70770c88d76

SHA256
798cc99af70288093bfd09a5addfd55a80f9652e7dc79f0b51f7760c47de2c9e

SHA512
459b97983c236ad76438615dad7174aa64561c9a0d9fcda7f290411237d97411f503d2dbb2d90f0c61fc229a872971a96ab61bf7b9bfb8b1ea840f4621d10910

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll

Filesize
267KB

MD5
c9d5c7d715bbf74c31aab14893698778

SHA1
ee62edb71acb9eda4cb5f213a0b94940b972d7b3

SHA256
12717098b4d3f5f09ec19d091d1beb26d6df35e586bee511b9138be42d644e4a

SHA512
ee67880a737d1ec7c14cf84f20994bd34d8c8e39fc1763b634c311bc200ab6153f2f6760b217517a6190ccdf8076f4f9055062a011b3115c653c0ae4c5837330

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll

Filesize
267KB

MD5
c9d5c7d715bbf74c31aab14893698778

SHA1
ee62edb71acb9eda4cb5f213a0b94940b972d7b3

SHA256
12717098b4d3f5f09ec19d091d1beb26d6df35e586bee511b9138be42d644e4a

SHA512
ee67880a737d1ec7c14cf84f20994bd34d8c8e39fc1763b634c311bc200ab6153f2f6760b217517a6190ccdf8076f4f9055062a011b3115c653c0ae4c5837330

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Qml.dll

Filesize
3.2MB

MD5
b92764b31b080972ad0682a0ba794db1

SHA1
a4b3b253da4078a0b9d536873a6e79a4ba070ad2

SHA256
4706a5ef8f1092da9d60af8722546ce8f23c98db7450c3f72521d4651aeb2a52

SHA512
077c7c285c038cec271fe21a2b77eaadf3ec7d6a288d24234d6e351bead294b7bb903ea2759cb852d8e3d0354fbac926292639375d82d4dbeb85e4c515ef4369

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Qml.dll

Filesize
3.2MB

MD5
b92764b31b080972ad0682a0ba794db1

SHA1
a4b3b253da4078a0b9d536873a6e79a4ba070ad2

SHA256
4706a5ef8f1092da9d60af8722546ce8f23c98db7450c3f72521d4651aeb2a52

SHA512
077c7c285c038cec271fe21a2b77eaadf3ec7d6a288d24234d6e351bead294b7bb903ea2759cb852d8e3d0354fbac926292639375d82d4dbeb85e4c515ef4369

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Quick.dll

Filesize
3.0MB

MD5
7a517d5ee706c979876b97c789be8968

SHA1
7efc77f592389f94aa6980ecd3da7d39c960765f

SHA256
beb08a06b24ae1668441d47fbd434daa40ef6c4c45963351a0a6acdcd550bc31

SHA512
2656d980b31c5f6c34fae8b9ea719c06481195af6ff8b93a6297cae74783a2eaf6b808d539add7a1490e159ee19d2889308adb48491d719097d5459a7f798287

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Quick.dll

Filesize
3.0MB

MD5
7a517d5ee706c979876b97c789be8968

SHA1
7efc77f592389f94aa6980ecd3da7d39c960765f

SHA256
beb08a06b24ae1668441d47fbd434daa40ef6c4c45963351a0a6acdcd550bc31

SHA512
2656d980b31c5f6c34fae8b9ea719c06481195af6ff8b93a6297cae74783a2eaf6b808d539add7a1490e159ee19d2889308adb48491d719097d5459a7f798287

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll

Filesize
64KB

MD5
42ce360f532e7e835ee94ee1226e1c19

SHA1
6c596c32575f081c86524742fcb11aa5e44ad213

SHA256
6b12b555d3bc465e106a26603b4bead895134ecd90b3201773415eab64cc69ac

SHA512
8f2772be5a6e375f06439f58c4b26277f93b8b777c950640c4699de6e0b0a99f7f33ebc6eac4b3a87a1e1b644c573b7ae5de9289d399fa41d732867c1bf95508

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll

Filesize
64KB

MD5
42ce360f532e7e835ee94ee1226e1c19

SHA1
6c596c32575f081c86524742fcb11aa5e44ad213

SHA256
6b12b555d3bc465e106a26603b4bead895134ecd90b3201773415eab64cc69ac

SHA512
8f2772be5a6e375f06439f58c4b26277f93b8b777c950640c4699de6e0b0a99f7f33ebc6eac4b3a87a1e1b644c573b7ae5de9289d399fa41d732867c1bf95508

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5WebChannel.dll

Filesize
96KB

MD5
2a65f4f49a88417222bcf109b59247ef

SHA1
a165ff1b21ff45c11783b63f2f4e9f270f84f05e

SHA256
632a5d720f3f6371721f94e4665ac13988afde722d155aaa5364a27cbd46d3ac

SHA512
c260fdb3454994e15582feec31b63e8418c9b1d705ee06ac09aa4ac77782ac79f722c9c883714e462ef919834ddd569ea7fff2b7d616a2b210966013c8ad9add

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5WebChannel.dll

Filesize
96KB

MD5
2a65f4f49a88417222bcf109b59247ef

SHA1
a165ff1b21ff45c11783b63f2f4e9f270f84f05e

SHA256
632a5d720f3f6371721f94e4665ac13988afde722d155aaa5364a27cbd46d3ac

SHA512
c260fdb3454994e15582feec31b63e8418c9b1d705ee06ac09aa4ac77782ac79f722c9c883714e462ef919834ddd569ea7fff2b7d616a2b210966013c8ad9add

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5WebEngineCore.dll

Filesize
56.7MB

MD5
cfa7e9d45cff6a9db2735ad94a1fac03

SHA1
f2b5ca141315a2bc064ea61df186f85b0d141eb5

SHA256
4ae899629fc79404bd166219bdde96a5cd169b7470375fb0f9c845c652402a65

SHA512
ed11a789437d3aca2036fbe364649f0b079f79d72fa6810063a0f12bf8a5b6e99dbe9af4d73202af2790e2569261f434a92a089984f15a820bea63ce6095b561

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5WebEngineCore.dll

Filesize
56.7MB

MD5
cfa7e9d45cff6a9db2735ad94a1fac03

SHA1
f2b5ca141315a2bc064ea61df186f85b0d141eb5

SHA256
4ae899629fc79404bd166219bdde96a5cd169b7470375fb0f9c845c652402a65

SHA512
ed11a789437d3aca2036fbe364649f0b079f79d72fa6810063a0f12bf8a5b6e99dbe9af4d73202af2790e2569261f434a92a089984f15a820bea63ce6095b561

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll

Filesize
187KB

MD5
9c30ad3a2ba28362ac506f50221e881d

SHA1
02497e8d0544d91318a2b6619b7c154cebee1073

SHA256
ce773742d6d80df75e9e462bd38bf237508541b3243dad57c48b4eb24f4ff3f1

SHA512
50bb8ac0f02bebe6aaa09554bfe8dd575681810239edeeb696b8170a8f4c3457a4ff3bf2e7ad9ed1b6a6c54f81201988c8e347f1fbff4e2ea2d348a72ca9aa70

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll

Filesize
187KB

MD5
9c30ad3a2ba28362ac506f50221e881d

SHA1
02497e8d0544d91318a2b6619b7c154cebee1073

SHA256
ce773742d6d80df75e9e462bd38bf237508541b3243dad57c48b4eb24f4ff3f1

SHA512
50bb8ac0f02bebe6aaa09554bfe8dd575681810239edeeb696b8170a8f4c3457a4ff3bf2e7ad9ed1b6a6c54f81201988c8e347f1fbff4e2ea2d348a72ca9aa70

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll

Filesize
4.3MB

MD5
db7034b133d238447a6f3704b65bbceb

SHA1
c834d45162f38f461a8eafe737301eb22056e913

SHA256
53d9f928141382a5ef60039562b200e03d18e8720f16fb0ee8072b45e94202a7

SHA512
837b7e675b752c372973ecb4a53de568fc087e5f3896916614d504405a0a1ae78d1be59f173c2a0b28b4b139924736208de2eb6ee767c78894b7834fae9bf9f1

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll

Filesize
4.3MB

MD5
db7034b133d238447a6f3704b65bbceb

SHA1
c834d45162f38f461a8eafe737301eb22056e913

SHA256
53d9f928141382a5ef60039562b200e03d18e8720f16fb0ee8072b45e94202a7

SHA512
837b7e675b752c372973ecb4a53de568fc087e5f3896916614d504405a0a1ae78d1be59f173c2a0b28b4b139924736208de2eb6ee767c78894b7834fae9bf9f1

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Xml.dll

Filesize
149KB

MD5
fd0f95e872b99b61f0b7276e0ff76c28

SHA1
a90b20be2f436362782ac18182637f8dca1e9719

SHA256
9150d32aa158f9c555cc3b845fc8f776684f11ec014b47a96d498faad67e7a31

SHA512
25a4e5d74315f64171c16929da0fa049db9dd835cb912e2909bf442fc6383a424cdd52aec58c6eb6d335697651deff16f688ecac8c11310a1fe7383996bdcd94

Download Submit
C:\Program Files (x86)\ClipGrab\Qt5Xml.dll

Filesize
149KB

MD5
fd0f95e872b99b61f0b7276e0ff76c28

SHA1
a90b20be2f436362782ac18182637f8dca1e9719

SHA256
9150d32aa158f9c555cc3b845fc8f776684f11ec014b47a96d498faad67e7a31

SHA512
25a4e5d74315f64171c16929da0fa049db9dd835cb912e2909bf442fc6383a424cdd52aec58c6eb6d335697651deff16f688ecac8c11310a1fe7383996bdcd94

Download Submit
C:\Program Files (x86)\ClipGrab\clipgrab.exe

Filesize
1.1MB

MD5
57cdd2bc92aee7d3d213561188e565d4

SHA1
fb34ba0178b5764b6ccc9d228796196ee172980e

SHA256
10770da581cc85d55a286d42a0428accafe6c7910bc640cc4264da7fb26dafa4

SHA512
ac00f5021cbc34b7ca160364cdde0a404353d8fc9e6a46866884268880c7b753e91741c48b413d6f7a5ff28a4e3d98bd7485550b46009a7c5b42dd0a877f3856

Download Submit
C:\Program Files (x86)\ClipGrab\clipgrab.exe

Filesize
1.1MB

MD5
57cdd2bc92aee7d3d213561188e565d4

SHA1
fb34ba0178b5764b6ccc9d228796196ee172980e

SHA256
10770da581cc85d55a286d42a0428accafe6c7910bc640cc4264da7fb26dafa4

SHA512
ac00f5021cbc34b7ca160364cdde0a404353d8fc9e6a46866884268880c7b753e91741c48b413d6f7a5ff28a4e3d98bd7485550b46009a7c5b42dd0a877f3856

Download Submit
C:\Program Files (x86)\ClipGrab\clipgrab.exe

Filesize
1.1MB

MD5
57cdd2bc92aee7d3d213561188e565d4

SHA1
fb34ba0178b5764b6ccc9d228796196ee172980e

SHA256
10770da581cc85d55a286d42a0428accafe6c7910bc640cc4264da7fb26dafa4

SHA512
ac00f5021cbc34b7ca160364cdde0a404353d8fc9e6a46866884268880c7b753e91741c48b413d6f7a5ff28a4e3d98bd7485550b46009a7c5b42dd0a877f3856

Download Submit
C:\Program Files (x86)\ClipGrab\ffmpeg.exe

Filesize
49.8MB

MD5
bf955dfb106a42076aed62fc99ae73d9

SHA1
026353b9f9a1d4fd365bdf0890a16c1d6f2a64c6

SHA256
e79d9b4bd7b0420b974eb58eb15d6f072ee939f98acc93314a4cc750c6b7099d

SHA512
c86c8027087fecc0317bfdd6db9bccdf6bd42fc1eac77da400cfefe7f9aed9bf06ed5817f2dad02e423e4f33b6bd522598a3eb52e56c2a31bf58d811e26b952f

Download Submit
C:\Program Files (x86)\ClipGrab\ffmpeg.exe

Filesize
49.8MB

MD5
bf955dfb106a42076aed62fc99ae73d9

SHA1
026353b9f9a1d4fd365bdf0890a16c1d6f2a64c6

SHA256
e79d9b4bd7b0420b974eb58eb15d6f072ee939f98acc93314a4cc750c6b7099d

SHA512
c86c8027087fecc0317bfdd6db9bccdf6bd42fc1eac77da400cfefe7f9aed9bf06ed5817f2dad02e423e4f33b6bd522598a3eb52e56c2a31bf58d811e26b952f

Download Submit
C:\Program Files (x86)\ClipGrab\ffmpeg.exe

Filesize
49.8MB

MD5
bf955dfb106a42076aed62fc99ae73d9

SHA1
026353b9f9a1d4fd365bdf0890a16c1d6f2a64c6

SHA256
e79d9b4bd7b0420b974eb58eb15d6f072ee939f98acc93314a4cc750c6b7099d

SHA512
c86c8027087fecc0317bfdd6db9bccdf6bd42fc1eac77da400cfefe7f9aed9bf06ed5817f2dad02e423e4f33b6bd522598a3eb52e56c2a31bf58d811e26b952f

Download Submit
C:\Program Files (x86)\ClipGrab\iconengines\qsvgicon.dll

Filesize
33KB

MD5
0a8e8b38e75ce6b65e31e93175717030

SHA1
2ebb52d5373feb5a137188d98645b87b03cd89dd

SHA256
06b1d5a15af5bdb413b9335a508084383a6db6a52b80773a5ca762d4d060ff2e

SHA512
ddc6e40a1c1c76a385bad06e9a653da6e8c2515292b2e0c6fb8e7fe005ccdbd2cd6c83c3f7960feb72862d89b10e20762ad6c142451e73afa5651f4eb725b8ad

Download Submit
C:\Program Files (x86)\ClipGrab\imageformats\qgif.dll

Filesize
30KB

MD5
bc3a9bedb27c0985e5b406715546b289

SHA1
b20ba051b0bc966649493f6bda675002000d0632

SHA256
16190622ddbb8c604233cc8f6ac97768fadc645aca3d6ec81f61149804cfe031

SHA512
64878b67f478fb2f205d781a9287723239d09303ef7fa0a1ecdd3f7dfa6017f06dfa3e924b7ff8078f8081d50e9dfe181e2e8e2f8741d703b5c099e5bdd9404a

Download Submit
C:\Program Files (x86)\ClipGrab\imageformats\qico.dll

Filesize
30KB

MD5
9dba627908eac32a713b1c6e897be3ec

SHA1
0eadaed43503e05aadee9695adf7e1c64b0379e7

SHA256
13a3cc5e68d4f5e5449c10e88476660d4d49a5e00eee8b942011a5ac49592eb6

SHA512
9041a82e0378a7ec9e289d46a49109d97e1e0fdb3d53a4ef650488dfcff9cbc7973eeb09f692c3d47347e2d79df48f47aad58d00b2fe31584216cb10648de552

Download Submit
C:\Program Files (x86)\ClipGrab\imageformats\qjpeg.dll

Filesize
361KB

MD5
cc91e7b735389b1e2d312606056065aa

SHA1
f82c4881f37b28e8da5c4732f0f02c87e178931d

SHA256
0247fc16049a322f34407ab5eef4870e24a033e8042d6271b4e8a6c7c6fe8bdf

SHA512
00ba39fdf121dc9f84fb24fd455c9459b9126b6efd2db2ee31866422f57eba3cb341ca8d5d172d3b32206794de2b498ef115f965ad5c55a669717439ba43ad4c

Download Submit
C:\Program Files (x86)\ClipGrab\imageformats\qsvg.dll

Filesize
26KB

MD5
c5891397f0c8daae3dc5f4f701980802

SHA1
8e2a1f1891036d59aaf068ff9cdd3ee1ba8638e2

SHA256
7b066fb4d52ae0f4dd05569a1049329fd17dd461675543443c924ca1be26aad7

SHA512
6827de90f1351505c301b414de464b291d2b1eeccb5694191de6a9d2233dfff6ade6165c4b8c43a523f3ea0b30ba67366d9e4419c6e359af42030c91f83e2635

Download Submit
C:\Program Files (x86)\ClipGrab\imageformats\qwbmp.dll

Filesize
24KB

MD5
da5c04a80b552b274a8e01729c65aff2

SHA1
c9f0ca9c3b0fd5cd3a420a8122f99bc74b802caf

SHA256
265626b75d68ecefe32d8edb228afce5a0ece33a7bf3b63497cea29b17e27eac

SHA512
e0e69a6406ccd2b3e382d01f9544a5124b305b5776c68df75983b330ca0615b424fe668b1c32a796990afab299c4caa6611dc134b825ee89088c8dd041313e90

Download Submit
C:\Program Files (x86)\ClipGrab\imageformats\qwebp.dll

Filesize
410KB

MD5
a3b4161c22f15fbc0d1d04b933a31537

SHA1
f11c6ef92c5355de26a0f1bb92b84118146f0fd0

SHA256
c71f62c2184960343299768f6c6e080a68e864e1db70c9816844afa53b4ca778

SHA512
47a9cec46ee86e2d9be5e7af4a56e78837af50300fef316cdf091ba1e3a93979d99ad481ce351bdd078b23113b9f6f242c70f9f1fa5dbc0c80e1a576a85bb061

Download Submit
C:\Program Files (x86)\ClipGrab\libEGL.DLL

Filesize
21KB

MD5
55813372944c5acaca0e38c22902a6e6

SHA1
8c3fbdcacecc971aac8823a52eb83082669220a3

SHA256
fc219ad27720cfb1b223d748c1b5bdd78886235f4254bfe8e0adaf168c7e9849

SHA512
73f504a1f7cda4082f370387304db701672d95409886362dd70f8599fc17a5b577d2b37dd8f012cecb6d6dffe4321906c2a07cdd7e12e2d31bb9df0fb2e97a7f

Download Submit
C:\Program Files (x86)\ClipGrab\libEGL.dll

Filesize
21KB

MD5
55813372944c5acaca0e38c22902a6e6

SHA1
8c3fbdcacecc971aac8823a52eb83082669220a3

SHA256
fc219ad27720cfb1b223d748c1b5bdd78886235f4254bfe8e0adaf168c7e9849

SHA512
73f504a1f7cda4082f370387304db701672d95409886362dd70f8599fc17a5b577d2b37dd8f012cecb6d6dffe4321906c2a07cdd7e12e2d31bb9df0fb2e97a7f

Download Submit
C:\Program Files (x86)\ClipGrab\libGLESV2.dll

Filesize
2.7MB

MD5
02c59344a65e9893d7d2d0d79b570429

SHA1
d07d73aab1beaeeef57c03330add64afa5f20160

SHA256
adba2649650fa580fb301b69a74aa4ad0b8796a6b35179ff0a938be510db1b7d

SHA512
222ffdb94f4df18d25e5d77cb76ff95c0704dbd696796880bdc7c23c930546435ac5060233f3be9a5b2c058a721c15ffc542b9ba84aafe28dfc77498037f21df

Download Submit
C:\Program Files (x86)\ClipGrab\libGLESv2.dll

Filesize
2.7MB

MD5
02c59344a65e9893d7d2d0d79b570429

SHA1
d07d73aab1beaeeef57c03330add64afa5f20160

SHA256
adba2649650fa580fb301b69a74aa4ad0b8796a6b35179ff0a938be510db1b7d

SHA512
222ffdb94f4df18d25e5d77cb76ff95c0704dbd696796880bdc7c23c930546435ac5060233f3be9a5b2c058a721c15ffc542b9ba84aafe28dfc77498037f21df

Download Submit
C:\Program Files (x86)\ClipGrab\libcrypto-1_1.dll

Filesize
2.4MB

MD5
c58b2589b88c5da34df20f737b7ac50c

SHA1
05ed6edafd5342b546fb5d5a6162695f11f5d4da

SHA256
49b26d14cf68a370de47f8f3724e46e61bff98aba7dd7b8a7c1f87e83bb44064

SHA512
4e2db4133fdb69dcc7a03201810b10cf9519dd7cdea8ff3fc496779d84556502cdb562d67f60a0503493705b622d1cb772fc9acb4935aa4fb6a6cbdf7b4b211f

Download Submit
C:\Program Files (x86)\ClipGrab\libcrypto-1_1.dll

Filesize
2.4MB

MD5
c58b2589b88c5da34df20f737b7ac50c

SHA1
05ed6edafd5342b546fb5d5a6162695f11f5d4da

SHA256
49b26d14cf68a370de47f8f3724e46e61bff98aba7dd7b8a7c1f87e83bb44064

SHA512
4e2db4133fdb69dcc7a03201810b10cf9519dd7cdea8ff3fc496779d84556502cdb562d67f60a0503493705b622d1cb772fc9acb4935aa4fb6a6cbdf7b4b211f

Download Submit
C:\Program Files (x86)\ClipGrab\libssl-1_1.dll

Filesize
518KB

MD5
6464921a380a4aca2966912286a07161

SHA1
bb5b62f6be640aa217c4193e283a1e58d0d0d815

SHA256
194473a59a69e72655015dc582f1e1db7476b598c07cd94839d500e0c7135265

SHA512
b73f4d8897efac5f7d2bc65f32d3d46e54b691c60828fa10605a46c872e3920fd78f17727ff5721fec89d53e6214f07e8002972fe65e502cb0522efc63599fd2

Download Submit
C:\Program Files (x86)\ClipGrab\libssl-1_1.dll

Filesize
518KB

MD5
6464921a380a4aca2966912286a07161

SHA1
bb5b62f6be640aa217c4193e283a1e58d0d0d815

SHA256
194473a59a69e72655015dc582f1e1db7476b598c07cd94839d500e0c7135265

SHA512
b73f4d8897efac5f7d2bc65f32d3d46e54b691c60828fa10605a46c872e3920fd78f17727ff5721fec89d53e6214f07e8002972fe65e502cb0522efc63599fd2

Download Submit
C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll

Filesize
1.2MB

MD5
b190c721612ac9d169f8b3a8f8b48a29

SHA1
206442dd161e878f1a6f83f3ebdb9208b56abfff

SHA256
ccb562f817d7015c78da4098bc576e7eaf3df1ebd55afb58d75f12dace9c761f

SHA512
951bc91302fcb1a28b7093f6867b379a90188733cec329efedb465ae27ae1a526a2d5f997816b26ed123d2401a9aa2854d26a003a65318f50e3a695d7948f6b7

Download Submit
C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll

Filesize
1.2MB

MD5
b190c721612ac9d169f8b3a8f8b48a29

SHA1
206442dd161e878f1a6f83f3ebdb9208b56abfff

SHA256
ccb562f817d7015c78da4098bc576e7eaf3df1ebd55afb58d75f12dace9c761f

SHA512
951bc91302fcb1a28b7093f6867b379a90188733cec329efedb465ae27ae1a526a2d5f997816b26ed123d2401a9aa2854d26a003a65318f50e3a695d7948f6b7

Download Submit
C:\Program Files (x86)\ClipGrab\python\python.exe

Filesize
95KB

MD5
083f4389a5cb405d0ab6a85952ea14f9

SHA1
ac1aad1677c95b9de407f517cbc9432943c7f432

SHA256
ca9f2a394ea9a7e0ee58cc39c7f2dceb4d539223dfbada1124a215921b0d767d

SHA512
7e7a71b7ca969008d2718a43862504e747644617bd27f64fb21228c6a0d8aa5f75bebab7827b0d2fe88d3d04ea22eaf0799d6635f1b1609b946440cd4dcd040d

Download Submit
C:\Program Files (x86)\ClipGrab\styles\qwindowsvistastyle.dll

Filesize
125KB

MD5
c1cc204987a532be5e7f22b2bec82815

SHA1
03ea72517453ab137c3b85194cbf8bf08c05d032

SHA256
f08b95bac860f6292342e5e2e3e506a603cd8d7f4a0e4a1b5d8fafa7c30cd65d

SHA512
684d653a777361d732b7383a7b699809e8c1e74bb04eff2b74a92ec860c305290014f5627eb56597ea1f3d1d5ed0e4167c0c62778e176d2d8615fe07404290af

Download Submit
C:\Program Files (x86)\ClipGrab\styles\qwindowsvistastyle.dll

Filesize
125KB

MD5
c1cc204987a532be5e7f22b2bec82815

SHA1
03ea72517453ab137c3b85194cbf8bf08c05d032

SHA256
f08b95bac860f6292342e5e2e3e506a603cd8d7f4a0e4a1b5d8fafa7c30cd65d

SHA512
684d653a777361d732b7383a7b699809e8c1e74bb04eff2b74a92ec860c305290014f5627eb56597ea1f3d1d5ed0e4167c0c62778e176d2d8615fe07404290af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AUBB2.tmp\clipgrab-3.9.7-dotinstaller.tmp

Filesize
3.2MB

MD5
aadc16c8ad4312196df3aa1d9f6386d3

SHA1
ff4d78923e0d957e6a66b3c06efecc435c396c7a

SHA256
04fade43204ecbbb378114a023b3db4a3aebe8258ff3b3846156e80a9c5cf4a3

SHA512
51621ec71d530d75e4a537381edf03bc48b234dd861547c950573febf5709a1716ee797368854512edf1950a4e1f4f8bbe292417a0dd238600338a39e2454e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-POPK3.tmp\clipgrab-3.9.7-portable.tmp

Filesize
2.5MB

MD5
ae7b203e80eaa5afb50768049bb3de50

SHA1
cc0b5d64c2af21a3b24e167352df8ae93acd30d3

SHA256
ffe5d85efc5b75b4c99b07f5819d1fb3b9b1b42e67c903ef86f013bdedad7112

SHA512
a94cc199a4fa8a67496169de972bef84dd0e411502c5f74438ec0e7d18626ef3278d9c3aae1b0d025776849dbed5ec8e06d714b4bd48a43e48e2a167f7d52748

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-POPK3.tmp\clipgrab-3.9.7-portable.tmp

Filesize
2.5MB

MD5
ae7b203e80eaa5afb50768049bb3de50

SHA1
cc0b5d64c2af21a3b24e167352df8ae93acd30d3

SHA256
ffe5d85efc5b75b4c99b07f5819d1fb3b9b1b42e67c903ef86f013bdedad7112

SHA512
a94cc199a4fa8a67496169de972bef84dd0e411502c5f74438ec0e7d18626ef3278d9c3aae1b0d025776849dbed5ec8e06d714b4bd48a43e48e2a167f7d52748

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\clipgrab-3.9.7-portable.exe

Filesize
70.3MB

MD5
962d6f9e7331b8f3eb2fa4acb15f5f61

SHA1
2e1a7e9ec7159e564814a599657d42dc01ef9858

SHA256
0ae8656f4c65673d75544cff54721cbfc586edd6e8b4b2a2070930684920411e

SHA512
f8721fc68703d6a6ab9188bce1d64774447f02f378dd4b4d267f7fb4b01d42c4520feede2855ab426d92dfc538a1d272d7a88e65871015a95654c3d8f321d3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\clipgrab-3.9.7-portable.exe

Filesize
70.3MB

MD5
962d6f9e7331b8f3eb2fa4acb15f5f61

SHA1
2e1a7e9ec7159e564814a599657d42dc01ef9858

SHA256
0ae8656f4c65673d75544cff54721cbfc586edd6e8b4b2a2070930684920411e

SHA512
f8721fc68703d6a6ab9188bce1d64774447f02f378dd4b4d267f7fb4b01d42c4520feede2855ab426d92dfc538a1d272d7a88e65871015a95654c3d8f321d3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\finish.png

Filesize
2KB

MD5
7afaf9e0e99fd80fa1023a77524f5587

SHA1
e20c9c27691810b388c73d2ca3e67e109c2b69b6

SHA256
760b70612bb9bd967c2d15a5133a50ccce8c0bd46a6464d76875298dcc45dea0

SHA512
a090626e7b7f67fb5aa207aae0cf65c3a27e1b85e22c9728eee7475bd9bb7375ca93baaecc662473f9a427b4f505d55f2c61ba36bda460e4e6947fe22eedb044

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\loader.gif

Filesize
10KB

MD5
f23a523b82ad9103a9ac1dcc33eca72f

SHA1
5363bb6b51923441ef56638576307cc252f05a71

SHA256
59853c413b0813ded6f1e557959768d6662f010f49884d36b62c13038fac739c

SHA512
514ec63f7ed80d0708f7e2355fad8a558b4dcf2d0122ff98fe7c3ca1f40e7cd04e8869ca7a3b95622c0848c0d99306d7e791b86ca69b9e240beae959ca6285be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\logo.png

Filesize
9KB

MD5
2c050a55ade91ca10c94c41fdceaa8cb

SHA1
178fd0ee1c184fe681d89bff0ff8b89392723a67

SHA256
43262c9cc6328d67007b97a8eb36c924d05d45a383349e61b067f35677e1ad6e

SHA512
425825cbe2a417f10832c37fc0e571ca3e3f9b940f93f9f8ec8fcff2df896a52ff753386c30e03836d588b6bf355323dbea2e3a0cbf756f8f3c7065335cbfeac

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PTMNP.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S76EA.tmp\vc_redist.x86.exe

Filesize
14.0MB

MD5
310f8aadd8055f8b8eba1a6528be7d10

SHA1
3ee9622151e4b50837fcdfac1b085430f0181f4e

SHA256
54ad46ae80984aa48cae6361213692c96b3639e322730d28c7fb93b183c761da

SHA512
2872a30939f7ee20b494806574cf5b8b5a0976f8fe69bdbd77dde2483ce2a9e5458ff3636147e49a449e941a44ca2d79239e3da62fddb69fc5bced8ee1004ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S76EA.tmp\vc_redist.x86.exe

Filesize
14.0MB

MD5
310f8aadd8055f8b8eba1a6528be7d10

SHA1
3ee9622151e4b50837fcdfac1b085430f0181f4e

SHA256
54ad46ae80984aa48cae6361213692c96b3639e322730d28c7fb93b183c761da

SHA512
2872a30939f7ee20b494806574cf5b8b5a0976f8fe69bdbd77dde2483ce2a9e5458ff3636147e49a449e941a44ca2d79239e3da62fddb69fc5bced8ee1004ee5

Download Submit
C:\Windows\Temp\{220E9F20-EF5C-4996-9575-FDC7B7CAA2BE}\.ba\1055\license.rtf

Filesize
177KB

MD5
f1a281f74d3e91d16dd26d1f313cd8a9

SHA1
ddb2ca9032c5a9c091eac53b679f6ba428077b00

SHA256
f79108a254f876e0f6bbcb05a9effbe25dc252e7ea256bfe3fd28ceb79737f25

SHA512
484c5ca26275427e1fb74d3217a22a0e4aac409aba973e78d7ad68834e7ad1d86c7855d34b227925200f941d288dfc09477b2d7dfe0856810c6c847297b8d625

Download Submit
C:\Windows\Temp\{220E9F20-EF5C-4996-9575-FDC7B7CAA2BE}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{220E9F20-EF5C-4996-9575-FDC7B7CAA2BE}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{F9107BE8-AC93-4C84-9C0E-A6E7A9A0717B}\.cr\vc_redist.x86.exe

Filesize
881KB

MD5
9df0848b2753e9255f1a6b4cdc9a5a3e

SHA1
051469cd9e786b720ef6b70c35a1e184a643f520

SHA256
59089badd61acb47a07748c9018d3a959cf58f07de9902b0c45dffae3e566090

SHA512
518a78e77515b2fb21c5f66a760473a1f8ab5050e9bc65a4715ab178e568079f11f65fc173db59dd021b69fe0b606c42e50bf5f09a34ba2009a7b71e88033452

Download Submit
C:\Windows\Temp\{F9107BE8-AC93-4C84-9C0E-A6E7A9A0717B}\.cr\vc_redist.x86.exe

Filesize
881KB

MD5
9df0848b2753e9255f1a6b4cdc9a5a3e

SHA1
051469cd9e786b720ef6b70c35a1e184a643f520

SHA256
59089badd61acb47a07748c9018d3a959cf58f07de9902b0c45dffae3e566090

SHA512
518a78e77515b2fb21c5f66a760473a1f8ab5050e9bc65a4715ab178e568079f11f65fc173db59dd021b69fe0b606c42e50bf5f09a34ba2009a7b71e88033452

Download Submit
memory/1824-436-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1824-184-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/1824-174-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/3324-133-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/3324-152-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/3324-502-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/3980-501-0x0000000000D90000-0x00000000049EC000-memory.dmp

Filesize
60.4MB

Download
memory/4056-497-0x0000000000D90000-0x00000000049EC000-memory.dmp

Filesize
60.4MB

Download
memory/4612-229-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/4612-435-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/4612-185-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/5064-166-0x00000000064B0000-0x00000000064BF000-memory.dmp

Filesize
60KB

Download
memory/5064-177-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/5064-498-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/5064-167-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/5064-158-0x00000000064B0000-0x00000000064BF000-memory.dmp

Filesize
60KB

Download
memory/5064-442-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/5064-138-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/5064-443-0x00000000064B0000-0x00000000064BF000-memory.dmp

Filesize
60KB

Download
memory/5064-165-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download