f980e92af3341650819ca6c985294ebe0aa78d38bdfe249536d7ec7f2efc6ecf

Analysis

max time kernel
141s
max time network
131s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28-08-2023 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clipgrab-3.9.7-dotinstaller.exe
Size

2.8MB
MD5

0f29445baa824f6729cbda3d90b15cec
SHA1

572195b4193529d842653e678eeec7dc3544ee2f
SHA256

f980e92af3341650819ca6c985294ebe0aa78d38bdfe249536d7ec7f2efc6ecf
SHA512

a05bb0cb18d3c7e0ce5795397beeaee90078c272afccf5211d911eae4bc39078bed7da22c528e77ed4daea1c1b4e736c2f361cdb6e525e4132ba4793e433cc81
SSDEEP

49152:9qe3f6PUk/4g+H98AHaCfu6rtWBu1SSmqOIzDamifOL9T9vEXv:MSiPUk/XE9vBugtL1SNaRLh9vEXv

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
2900	clipgrab-3.9.7-dotinstaller.tmp
2360	clipgrab-3.9.7-portable.exe
1404	clipgrab-3.9.7-portable.tmp
2956	vc_redist.x86.exe
2852	vc_redist.x86.exe

Loads dropped DLL 11 IoCs

pid	Process
2800	clipgrab-3.9.7-dotinstaller.exe
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2360	clipgrab-3.9.7-portable.exe
1404	clipgrab-3.9.7-portable.tmp
1404	clipgrab-3.9.7-portable.tmp
1404	clipgrab-3.9.7-portable.tmp
1404	clipgrab-3.9.7-portable.tmp
2956	vc_redist.x86.exe
2852	vc_redist.x86.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Gui.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\libcrypto-1_1.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-70OHB.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-INSR4.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-JJV2K.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-G961P.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\python\libssl-1_1.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\imageformats\is-LU5FI.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-7TMAM.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\ffmpeg.exe	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-KT8JM.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-581VD.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-GJPNK.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\resources\is-BMOH5.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\imageformats\is-8LSH2.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\imageformats\qgif.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-CTKPP.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-8E3O3.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\unins000.dat	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-UK1F8.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\python\python37.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\imageformats\qwebp.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\resources\is-8P219.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-1UAH0.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-K472T.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\platforms\qwindows.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-0PFQR.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-GKB51.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\position\qtposition_positionpoll.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\resources\is-MJNDO.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-67682.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-6Q1DT.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-08414.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Svg.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\iconengines\qsvgicon.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-2O5J5.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\imageformats\is-EDF78.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\iconengines\is-K9S3A.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\libEGL.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5WebEngineCore.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-4ETB2.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-P79KS.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\position\is-7T841.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\imageformats\qico.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Positioning.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Widgets.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-NAVAI.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-ITCMP.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-5KMV4.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\imageformats\is-BK0DN.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5WebEngineWidgets.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5QuickWidgets.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\libssl-1_1.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5SerialPort.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-S7K8Q.tmp	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\python\is-7JIIE.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\opengl32sw.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5PrintSupport.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\QtWebEngineProcess.exe	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\position\qtposition_winrt.dll	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5Network.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-62ENP.tmp	clipgrab-3.9.7-portable.tmp
File opened for modification	C:\Program Files (x86)\ClipGrab\Qt5WebChannel.dll	clipgrab-3.9.7-portable.tmp
File created	C:\Program Files (x86)\ClipGrab\is-S27H8.tmp	clipgrab-3.9.7-portable.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	clipgrab-3.9.7-dotinstaller.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	clipgrab-3.9.7-dotinstaller.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	clipgrab-3.9.7-dotinstaller.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	clipgrab-3.9.7-dotinstaller.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	clipgrab-3.9.7-dotinstaller.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	clipgrab-3.9.7-dotinstaller.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	clipgrab-3.9.7-dotinstaller.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	clipgrab-3.9.7-dotinstaller.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
2900	clipgrab-3.9.7-dotinstaller.tmp
1404	clipgrab-3.9.7-portable.tmp
1404	clipgrab-3.9.7-portable.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2900	clipgrab-3.9.7-dotinstaller.tmp
1404	clipgrab-3.9.7-portable.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2900	clipgrab-3.9.7-dotinstaller.tmp

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2800 wrote to memory of 2900	2800	clipgrab-3.9.7-dotinstaller.exe	28
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2900 wrote to memory of 2360	2900	clipgrab-3.9.7-dotinstaller.tmp	31
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 2360 wrote to memory of 1404	2360	clipgrab-3.9.7-portable.exe	32
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 1404 wrote to memory of 2956	1404	clipgrab-3.9.7-portable.tmp	33
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35
PID 2956 wrote to memory of 2852	2956	vc_redist.x86.exe	35

C:\Users\Admin\AppData\Local\Temp\clipgrab-3.9.7-dotinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\clipgrab-3.9.7-dotinstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\is-RE3M3.tmp\clipgrab-3.9.7-dotinstaller.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RE3M3.tmp\clipgrab-3.9.7-dotinstaller.tmp" /SL5="$80124,1907617,1111552,C:\Users\Admin\AppData\Local\Temp\clipgrab-3.9.7-dotinstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe
    "C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe" /VERYSILENT
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\is-IJPT1.tmp\clipgrab-3.9.7-portable.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IJPT1.tmp\clipgrab-3.9.7-portable.tmp" /SL5="$60184,72952445,791040,C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe" /VERYSILENT
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\is-6G3NS.tmp\vc_redist.x86.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-6G3NS.tmp\vc_redist.x86.exe" /install /passive /silent /norestart
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2956
      - C:\Windows\Temp\{5A2C766E-96F2-40E4-9D10-F94BFFD58E87}\.cr\vc_redist.x86.exe
        
        "C:\Windows\Temp\{5A2C766E-96F2-40E4-9D10-F94BFFD58E87}\.cr\vc_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-6G3NS.tmp\vc_redist.x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /passive /silent /norestart
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ClipGrab\clipgrab.exe

Filesize
1.1MB

MD5
57cdd2bc92aee7d3d213561188e565d4

SHA1
fb34ba0178b5764b6ccc9d228796196ee172980e

SHA256
10770da581cc85d55a286d42a0428accafe6c7910bc640cc4264da7fb26dafa4

SHA512
ac00f5021cbc34b7ca160364cdde0a404353d8fc9e6a46866884268880c7b753e91741c48b413d6f7a5ff28a4e3d98bd7485550b46009a7c5b42dd0a877f3856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f64be1828fb2eb7535863cfaada899c

SHA1
cdf5cd99c632400cd21ed2ac83f558849b5cd8cc

SHA256
b4a14d272a9b5f9f9e43e76fc30fe837e4b4de97d1bc5377dec1ed3688943470

SHA512
5bb31db789704f3526f36d0390ee3b2ed3e199c5f3a1154ee309ba5515788b5d50760bb4d4f3f3e82688056590a0cc91fe4e2a3bf75da1a9c6b0719849dd2e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar994A.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6G3NS.tmp\vc_redist.x86.exe

Filesize
14.0MB

MD5
310f8aadd8055f8b8eba1a6528be7d10

SHA1
3ee9622151e4b50837fcdfac1b085430f0181f4e

SHA256
54ad46ae80984aa48cae6361213692c96b3639e322730d28c7fb93b183c761da

SHA512
2872a30939f7ee20b494806574cf5b8b5a0976f8fe69bdbd77dde2483ce2a9e5458ff3636147e49a449e941a44ca2d79239e3da62fddb69fc5bced8ee1004ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6G3NS.tmp\vc_redist.x86.exe

Filesize
14.0MB

MD5
310f8aadd8055f8b8eba1a6528be7d10

SHA1
3ee9622151e4b50837fcdfac1b085430f0181f4e

SHA256
54ad46ae80984aa48cae6361213692c96b3639e322730d28c7fb93b183c761da

SHA512
2872a30939f7ee20b494806574cf5b8b5a0976f8fe69bdbd77dde2483ce2a9e5458ff3636147e49a449e941a44ca2d79239e3da62fddb69fc5bced8ee1004ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\AVG_AV.png

Filesize
114KB

MD5
5ef5291810c454a35f76d976105f37cc

SHA1
8ce0cc65ae1786cef1c545d40d081eda13239fa6

SHA256
03e69e8c87732c625df2f628ac63bd145268f9dea9c5f3dd3670b1cf349a995c

SHA512
3bec461bb3cbbbdb3c05171fcc5ab7e648b2b60d7b811261662f14d35c3836148b14cda1a3f2be127c89cc732de8cf1644d2e55e049eeeb2da8e397c58cc919e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe

Filesize
70.3MB

MD5
962d6f9e7331b8f3eb2fa4acb15f5f61

SHA1
2e1a7e9ec7159e564814a599657d42dc01ef9858

SHA256
0ae8656f4c65673d75544cff54721cbfc586edd6e8b4b2a2070930684920411e

SHA512
f8721fc68703d6a6ab9188bce1d64774447f02f378dd4b4d267f7fb4b01d42c4520feede2855ab426d92dfc538a1d272d7a88e65871015a95654c3d8f321d3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe

Filesize
70.3MB

MD5
962d6f9e7331b8f3eb2fa4acb15f5f61

SHA1
2e1a7e9ec7159e564814a599657d42dc01ef9858

SHA256
0ae8656f4c65673d75544cff54721cbfc586edd6e8b4b2a2070930684920411e

SHA512
f8721fc68703d6a6ab9188bce1d64774447f02f378dd4b4d267f7fb4b01d42c4520feede2855ab426d92dfc538a1d272d7a88e65871015a95654c3d8f321d3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe

Filesize
70.3MB

MD5
962d6f9e7331b8f3eb2fa4acb15f5f61

SHA1
2e1a7e9ec7159e564814a599657d42dc01ef9858

SHA256
0ae8656f4c65673d75544cff54721cbfc586edd6e8b4b2a2070930684920411e

SHA512
f8721fc68703d6a6ab9188bce1d64774447f02f378dd4b4d267f7fb4b01d42c4520feede2855ab426d92dfc538a1d272d7a88e65871015a95654c3d8f321d3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\loader.gif

Filesize
10KB

MD5
f23a523b82ad9103a9ac1dcc33eca72f

SHA1
5363bb6b51923441ef56638576307cc252f05a71

SHA256
59853c413b0813ded6f1e557959768d6662f010f49884d36b62c13038fac739c

SHA512
514ec63f7ed80d0708f7e2355fad8a558b4dcf2d0122ff98fe7c3ca1f40e7cd04e8869ca7a3b95622c0848c0d99306d7e791b86ca69b9e240beae959ca6285be

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\logo.png

Filesize
9KB

MD5
2c050a55ade91ca10c94c41fdceaa8cb

SHA1
178fd0ee1c184fe681d89bff0ff8b89392723a67

SHA256
43262c9cc6328d67007b97a8eb36c924d05d45a383349e61b067f35677e1ad6e

SHA512
425825cbe2a417f10832c37fc0e571ca3e3f9b940f93f9f8ec8fcff2df896a52ff753386c30e03836d588b6bf355323dbea2e3a0cbf756f8f3c7065335cbfeac

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\prod0.zip

Filesize
499KB

MD5
cd9c77bc5840af008799985f397fe1c3

SHA1
9b526687a23b737cc9468570fa17378109e94071

SHA256
26d7704b540df18e2bccd224df677061ffb9f03cab5b3c191055a84bf43a9085

SHA512
de82bd3cbfb66a2ea0cc79e19407b569355ac43bf37eecf15c9ec0693df31ee480ee0be8e7e11cc3136c2df9e7ef775bf9918fe478967eee14304343042a7872

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IJPT1.tmp\clipgrab-3.9.7-portable.tmp

Filesize
2.5MB

MD5
ae7b203e80eaa5afb50768049bb3de50

SHA1
cc0b5d64c2af21a3b24e167352df8ae93acd30d3

SHA256
ffe5d85efc5b75b4c99b07f5819d1fb3b9b1b42e67c903ef86f013bdedad7112

SHA512
a94cc199a4fa8a67496169de972bef84dd0e411502c5f74438ec0e7d18626ef3278d9c3aae1b0d025776849dbed5ec8e06d714b4bd48a43e48e2a167f7d52748

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IJPT1.tmp\clipgrab-3.9.7-portable.tmp

Filesize
2.5MB

MD5
ae7b203e80eaa5afb50768049bb3de50

SHA1
cc0b5d64c2af21a3b24e167352df8ae93acd30d3

SHA256
ffe5d85efc5b75b4c99b07f5819d1fb3b9b1b42e67c903ef86f013bdedad7112

SHA512
a94cc199a4fa8a67496169de972bef84dd0e411502c5f74438ec0e7d18626ef3278d9c3aae1b0d025776849dbed5ec8e06d714b4bd48a43e48e2a167f7d52748

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RE3M3.tmp\clipgrab-3.9.7-dotinstaller.tmp

Filesize
3.2MB

MD5
aadc16c8ad4312196df3aa1d9f6386d3

SHA1
ff4d78923e0d957e6a66b3c06efecc435c396c7a

SHA256
04fade43204ecbbb378114a023b3db4a3aebe8258ff3b3846156e80a9c5cf4a3

SHA512
51621ec71d530d75e4a537381edf03bc48b234dd861547c950573febf5709a1716ee797368854512edf1950a4e1f4f8bbe292417a0dd238600338a39e2454e04

Download Submit
C:\Windows\Temp\{5A2C766E-96F2-40E4-9D10-F94BFFD58E87}\.cr\vc_redist.x86.exe

Filesize
881KB

MD5
9df0848b2753e9255f1a6b4cdc9a5a3e

SHA1
051469cd9e786b720ef6b70c35a1e184a643f520

SHA256
59089badd61acb47a07748c9018d3a959cf58f07de9902b0c45dffae3e566090

SHA512
518a78e77515b2fb21c5f66a760473a1f8ab5050e9bc65a4715ab178e568079f11f65fc173db59dd021b69fe0b606c42e50bf5f09a34ba2009a7b71e88033452

Download Submit
C:\Windows\Temp\{5A2C766E-96F2-40E4-9D10-F94BFFD58E87}\.cr\vc_redist.x86.exe

Filesize
881KB

MD5
9df0848b2753e9255f1a6b4cdc9a5a3e

SHA1
051469cd9e786b720ef6b70c35a1e184a643f520

SHA256
59089badd61acb47a07748c9018d3a959cf58f07de9902b0c45dffae3e566090

SHA512
518a78e77515b2fb21c5f66a760473a1f8ab5050e9bc65a4715ab178e568079f11f65fc173db59dd021b69fe0b606c42e50bf5f09a34ba2009a7b71e88033452

Download Submit
C:\Windows\Temp\{92B61690-4576-45CC-8B3A-A95E20072B1F}\.ba\1055\license.rtf

Filesize
177KB

MD5
f1a281f74d3e91d16dd26d1f313cd8a9

SHA1
ddb2ca9032c5a9c091eac53b679f6ba428077b00

SHA256
f79108a254f876e0f6bbcb05a9effbe25dc252e7ea256bfe3fd28ceb79737f25

SHA512
484c5ca26275427e1fb74d3217a22a0e4aac409aba973e78d7ad68834e7ad1d86c7855d34b227925200f941d288dfc09477b2d7dfe0856810c6c847297b8d625

Download Submit
C:\Windows\Temp\{92B61690-4576-45CC-8B3A-A95E20072B1F}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
\Program Files (x86)\ClipGrab\clipgrab.exe

Filesize
1.1MB

MD5
57cdd2bc92aee7d3d213561188e565d4

SHA1
fb34ba0178b5764b6ccc9d228796196ee172980e

SHA256
10770da581cc85d55a286d42a0428accafe6c7910bc640cc4264da7fb26dafa4

SHA512
ac00f5021cbc34b7ca160364cdde0a404353d8fc9e6a46866884268880c7b753e91741c48b413d6f7a5ff28a4e3d98bd7485550b46009a7c5b42dd0a877f3856

Download Submit
\Program Files (x86)\ClipGrab\clipgrab.exe

Filesize
1.1MB

MD5
57cdd2bc92aee7d3d213561188e565d4

SHA1
fb34ba0178b5764b6ccc9d228796196ee172980e

SHA256
10770da581cc85d55a286d42a0428accafe6c7910bc640cc4264da7fb26dafa4

SHA512
ac00f5021cbc34b7ca160364cdde0a404353d8fc9e6a46866884268880c7b753e91741c48b413d6f7a5ff28a4e3d98bd7485550b46009a7c5b42dd0a877f3856

Download Submit
\Program Files (x86)\ClipGrab\unins000.exe

Filesize
2.5MB

MD5
713651dc6a72f22021036563f4bfb3b9

SHA1
a09bead30eaa159688bef41f86b5843e61b65f28

SHA256
69605ea2bb1301ab9dc8b17523a013de325d02f5b35d47ab6cc0fb9a3855ca07

SHA512
c66749b235273cb6872a7938ae55c4aaa809297aaa0e4c063b542690b4485e6f20fe5ac2da92068a926ec3beace10361c6868815e9fe0ac33fcfbf3b2138dc91

Download Submit
\Users\Admin\AppData\Local\Temp\is-6G3NS.tmp\vc_redist.x86.exe

Filesize
14.0MB

MD5
310f8aadd8055f8b8eba1a6528be7d10

SHA1
3ee9622151e4b50837fcdfac1b085430f0181f4e

SHA256
54ad46ae80984aa48cae6361213692c96b3639e322730d28c7fb93b183c761da

SHA512
2872a30939f7ee20b494806574cf5b8b5a0976f8fe69bdbd77dde2483ce2a9e5458ff3636147e49a449e941a44ca2d79239e3da62fddb69fc5bced8ee1004ee5

Download Submit
\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\clipgrab-3.9.7-portable.exe

Filesize
70.3MB

MD5
962d6f9e7331b8f3eb2fa4acb15f5f61

SHA1
2e1a7e9ec7159e564814a599657d42dc01ef9858

SHA256
0ae8656f4c65673d75544cff54721cbfc586edd6e8b4b2a2070930684920411e

SHA512
f8721fc68703d6a6ab9188bce1d64774447f02f378dd4b4d267f7fb4b01d42c4520feede2855ab426d92dfc538a1d272d7a88e65871015a95654c3d8f321d3be

Download Submit
\Users\Admin\AppData\Local\Temp\is-DCIB8.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
\Users\Admin\AppData\Local\Temp\is-IJPT1.tmp\clipgrab-3.9.7-portable.tmp

Filesize
2.5MB

MD5
ae7b203e80eaa5afb50768049bb3de50

SHA1
cc0b5d64c2af21a3b24e167352df8ae93acd30d3

SHA256
ffe5d85efc5b75b4c99b07f5819d1fb3b9b1b42e67c903ef86f013bdedad7112

SHA512
a94cc199a4fa8a67496169de972bef84dd0e411502c5f74438ec0e7d18626ef3278d9c3aae1b0d025776849dbed5ec8e06d714b4bd48a43e48e2a167f7d52748

Download Submit
\Users\Admin\AppData\Local\Temp\is-RE3M3.tmp\clipgrab-3.9.7-dotinstaller.tmp

Filesize
3.2MB

MD5
aadc16c8ad4312196df3aa1d9f6386d3

SHA1
ff4d78923e0d957e6a66b3c06efecc435c396c7a

SHA256
04fade43204ecbbb378114a023b3db4a3aebe8258ff3b3846156e80a9c5cf4a3

SHA512
51621ec71d530d75e4a537381edf03bc48b234dd861547c950573febf5709a1716ee797368854512edf1950a4e1f4f8bbe292417a0dd238600338a39e2454e04

Download Submit
\Windows\Temp\{5A2C766E-96F2-40E4-9D10-F94BFFD58E87}\.cr\vc_redist.x86.exe

Filesize
881KB

MD5
9df0848b2753e9255f1a6b4cdc9a5a3e

SHA1
051469cd9e786b720ef6b70c35a1e184a643f520

SHA256
59089badd61acb47a07748c9018d3a959cf58f07de9902b0c45dffae3e566090

SHA512
518a78e77515b2fb21c5f66a760473a1f8ab5050e9bc65a4715ab178e568079f11f65fc173db59dd021b69fe0b606c42e50bf5f09a34ba2009a7b71e88033452

Download Submit
\Windows\Temp\{92B61690-4576-45CC-8B3A-A95E20072B1F}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/1404-220-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/1404-471-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/1404-259-0x0000000000400000-0x0000000000685000-memory.dmp

Filesize
2.5MB

Download
memory/1404-214-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2360-217-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2360-472-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2360-201-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2360-198-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/2800-1-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/2800-154-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/2900-8-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2900-186-0x0000000003430000-0x000000000343F000-memory.dmp

Filesize
60KB

Download
memory/2900-185-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/2900-156-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2900-173-0x0000000003430000-0x000000000343F000-memory.dmp

Filesize
60KB

Download
memory/2900-172-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/2900-155-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/2900-208-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/2900-164-0x0000000003430000-0x000000000343F000-memory.dmp

Filesize
60KB

Download
memory/2900-494-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download
memory/2900-497-0x0000000000400000-0x000000000073F000-memory.dmp

Filesize
3.2MB

Download