Malware Analysis Report

2024-09-22 16:43

Sample ID 240130-1svbaaeffn
Target ClipPlusCommunitySetup.zip
SHA256 91a2438e2f0b0572836b4e501bb22141c6908746b3891a41401a7276a03c1030
Tags
babadeda crypter loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

91a2438e2f0b0572836b4e501bb22141c6908746b3891a41401a7276a03c1030

Threat Level: Known bad

The file ClipPlusCommunitySetup.zip was found to be: Known bad.

Malicious Activity Summary

babadeda crypter loader

Babadeda Crypter

Babadeda

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Blocklisted process makes network request

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-01-30 21:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-30 21:55

Reported

2024-01-30 21:58

Platform

win7-20231215-en

Max time kernel

117s

Max time network

118s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\f762a8a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f762a8b.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f762a8d.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f762a8a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f762a8b.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2CDE.tmp C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B8" "0000000000000550"

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

Network

Files

C:\Users\Admin\AppData\Local\Temp\CabCFE.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarD8D.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 385a621bf78a4f971ba1faa96e423b66
SHA1 6cd59c42e0304afe2717df02b41d3428b876b93c
SHA256 5586dbbae7feb1e1a18053e061e6831498671bf8756b591385b7cf6535ca63d1
SHA512 a3ad2d1b423f7a04e47a219da34f241b960ef53f883b9c2960e70c8a8b99c3c33d15a38566cd07ad4ad923ade98c82dcde55da7c2b037b505b321bcc7854e177

C:\Config.Msi\f762a8c.rbs

MD5 9f2033526b94747978cf9c6a0ea06933
SHA1 4dc6f1980fb414b160c1ec1d935b2a8d91f82eaa
SHA256 b80f91226f7fb77c1de5a6c2d94beaa5c8b057187055563dc57135470d6ebb5e
SHA512 a10b0943167b813dc2875d63fcd03681759ffb464bf857303b061b4cdfa358a3f1f894ae5b3ebc974515d6c299e51ed61a82fd33af1a0126a9766854d551d075

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 923f48cc861e7a6c94744a984f04bdec
SHA1 093d98ed434a2ada3506db8fe4b4563a67907cee
SHA256 06c5063750a3714efacf9c7d57e084fc68ac964bdb14cc7f8560b9bfa84c4687
SHA512 c172daf4b775d5fd675b6dcc06f2c88300af1b578cfa47bab9f6e6b76c3d79ca8b4e88edb452b411cd7f0ffd14c924e7988a077c2fa11fac04dc4517a3efa334

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

MD5 5efb2702c0b3d8eeac563372a33a6ed0
SHA1 c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99
SHA256 40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b
SHA512 8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

MD5 8e58fcc0672a66c827c6f90fa4b58538
SHA1 3e807dfd27259ae7548692a05af4fe54f8dd32ed
SHA256 6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d
SHA512 0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

C:\Windows\Installer\f762a8a.msi

MD5 7e4f27c1825b29066108fdd150a0bc27
SHA1 2987105ff84b72faa9708776181b0cf0757917f8
SHA256 54ba2445b8ee24a35fef46e5d49c90baa8f58d3470de58dfaaf8c25c79736caf
SHA512 041d73a8f576869a427dc20ef9a2057eac2c3044431ad2c72daca7f5832a7c753fd803d803d5f5fd48c440b48d56ae90cde0db5eab62ac4bf721167d336dba46

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

MD5 a6f27196423a3d1c0caa4a0caf98893a
SHA1 58b97697fa349b40071df4272b4efbd1dd295595
SHA256 d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222
SHA512 0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

MD5 ff3d92fe7a1bf86cba27bec4523c2665
SHA1 c2184ec182c4c9686c732d9b27928bddac493b90
SHA256 9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8
SHA512 6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

MD5 89e794bbd022ae1cafbf1516541d6ba5
SHA1 a69f496680045e5f30b636e9f17429e0b3dd653e
SHA256 7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9
SHA512 16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

MD5 d8ccb4b8235f31a3c73485fde18b0187
SHA1 723bd0f39b32aff806a7651ebc0cdbcea494c57e
SHA256 7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba
SHA512 8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

MD5 b6022150de5aeab34849ade53a9ac397
SHA1 203d9458c92fc0628a84c483f17043ce468fa62f
SHA256 c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d
SHA512 2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 61283c4132f173115dbb3777dd9cd1ce
SHA1 df2991718da0ca92661d532616f08c8e4f77ebd6
SHA256 332e0354610b3f26e23042570ee50cf2d3e479e42451afd1fe079373c4e95833
SHA512 5e7cc8d5536f1524677e1326c7346e763497208b7015b25df73a81d193b3c6d20c963966419c3fa418ee47390f411c14126cb497a63877e748c92cd12b5804a7

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

MD5 5199d6173a6deb45c275ef32af377c3c
SHA1 e8989859b917cfa106b4519fefe4655c4325875b
SHA256 a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3
SHA512 80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

memory/2268-125-0x0000000000DA0000-0x0000000001083000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 f4f54998aaac3642edb8d9e2c75953b9
SHA1 c97de197fbe2e652ef3b2b455839e5adeca8052c
SHA256 8ddc30b37d6873d5e8ba50984d7307d797232195fa07bc8ab4bc604cb231d850
SHA512 19a5160a51613d95af9f4a682836919f8fb76ef78b1fd7b8eb6e1ffc1f8ca37ade95b4f06adc8ec9ece6574e9feb8ec2637af19120d8492e9c807a1953187556

\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 8edf3ce46c9f91aac4bfdf7a71e90f08
SHA1 cb00d7e344ed8e2942cd8723f624d3efaa0dc192
SHA256 52b3358e2fc1200151e664e744066dcdfa20c917a66b8afc62614425465831bf
SHA512 3a6bbf5d9875d25f42a48cc2624f2260b75865c08aa07f053243514e3e56e99b57f8fa82cbf13b2ed199e3bdc51c86c58d0d3e44f7ffa124e16e45741252ecfd

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 45814d86180e867e23abe3ebb5868fa7
SHA1 a6f3be89d66e8dea6f48cd8847e69c8a808a2421
SHA256 31e931053e5b23c34c0aec9a291a3ed38ad6c928c84fcf081c9b458e31d7d90b
SHA512 03560cbbd55e9a992c7497a444aca02f268742b2aa6c7c7de6281f3eaa78a8ec65cf275a83a5b728bdc4d2dd9a11b75911ec1affc3901f83dcb573c91aa13bea

memory/2268-129-0x0000000000230000-0x000000000024D000-memory.dmp

memory/2268-133-0x0000000074870000-0x0000000074898000-memory.dmp

memory/2268-134-0x0000000000230000-0x0000000000234000-memory.dmp

memory/2268-137-0x00000000747D0000-0x000000007486E000-memory.dmp

memory/2268-138-0x0000000000250000-0x000000000026E000-memory.dmp

memory/2268-141-0x0000000000230000-0x000000000023E000-memory.dmp

memory/2268-140-0x0000000074790000-0x00000000747C3000-memory.dmp

memory/2268-136-0x0000000000230000-0x0000000000234000-memory.dmp

memory/2268-146-0x00000000746B0000-0x00000000746E6000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 fbe35738b0eca46993247d21aa722c4d
SHA1 acbd4eedf03541a3c7628cd821174bac8b923497
SHA256 81b435b4d77fefe45d07e8a0bd6b01309a9c04e797627d314f7615d5a969bf2f
SHA512 3eb4db28726297c4d9635c3d1cd322fafb7df7a8e5f64a18ab53471e5784058f270996664441ddda469f9304151b18887b50c30a25d561961971a628e97fd276

memory/2268-149-0x0000000000230000-0x000000000023D000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 192dc79840178d07578ccb06d6985a5f
SHA1 241483ec191ed70dfb8b0c9478c34eccec4fdec6
SHA256 b0589bd38c0eb3425d08a180f93a2d897d8ad880bf5ec527e5bc903f75230365
SHA512 e2b46f666c4d09db76408faa05fe3531712f318031743dcfac46ee3cab85fca6aee79f6ecdb3a69669618d09809704e4f32a77e5fab1ecf5d49040eb32d84d9e

\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 05e99817ac34acbed33c3782a11e828f
SHA1 13494724076ea1ecfdea2a36532346c3d62efb8d
SHA256 f63b03892f9490ff9d85fd39e48c347ab6936f05e7563a27c802c6116232ee48
SHA512 5cfadabee4ca3b3e33aebbaa7a210d79c90bf1fb73c8af852bc0ddc838b3ee012b5cc12a49a2ae62490c813935ae1cfc07871befa0d83f2268b2c975935417c2

\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 e6910d55dda2ac634f2df7c9606f1ccb
SHA1 aab2cbf57e558f674f9fd7d9258037a3d46055b3
SHA256 e710ed61260f58fe8b551f26756198931f8936f1590dad8eff0d555ab2b0c9b5
SHA512 e6658466e2283da9291bfd254f66d6eb89cc5d13d6c430be2a4d86ba9503def242e2e1e63851e3bdd9ed27be62a0ea8cf81a2a05d596982f8c2f785b9bff7faa

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 b99aa02150b512c5ded41a1362f841e9
SHA1 31760d3ae84051d9c4af3fb3d1063a8b93b8c403
SHA256 fb99420924947adee7d60953efdeb7b41163b84f20bb29e7f80752f4976a2a67
SHA512 d80f08c5ca1e2b93cc96279caa88c29e06af9e4c202def5cbf79e27f081087efaab9d3ec3f57ca81cc69d81beb7b89364754f98878e632c9a1911001c0ae6478

\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 d9fd3ab489f569b86109226970ea68a5
SHA1 d823d7171668354dd13828b5881e04558c820763
SHA256 22b18a5e46c0e9af7ab25daa27b5a25a811c45f3939397b92161ea463f571fd0
SHA512 807f51d74eebd94153c8af3fb64ce6254b643be8e78cd9c074a65365113fa230702287806186e7047a40962e903e4efd2e4baa1c82c82d22907f5d87c306be6b

memory/2268-164-0x0000000004770000-0x00000000047FB000-memory.dmp

memory/2268-169-0x0000000000400000-0x0000000000BAB000-memory.dmp

memory/2268-171-0x0000000000DA0000-0x0000000001083000-memory.dmp

memory/2268-172-0x0000000072A40000-0x0000000073763000-memory.dmp

memory/2268-170-0x0000000004480000-0x0000000004481000-memory.dmp

memory/2268-160-0x0000000074060000-0x0000000074185000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 6c3ecf80090412df02ce5afc9cb4b5e8
SHA1 a4edcadcf7dd464c14c600628390e6a876742274
SHA256 fd867cf466204cea9e2a701c66e55c1d4eb66355a44ac04b2309d2f02dc4c29e
SHA512 e017043cd27d70c1ff324f9d12a7ffcec3d39458bfa6f0bae03c165f13d400b8c62e9c5d749dcb497e343629a0076c53c274ccd346b27cef0bc5875ce8cb4dab

memory/2268-175-0x0000000074060000-0x0000000074185000-memory.dmp

memory/2268-174-0x0000000000230000-0x0000000000235000-memory.dmp

memory/2268-173-0x0000000000230000-0x0000000000234000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 720806691bfcf51603e2f650b9f57bad
SHA1 db8a95046e3a4aa9a864b5b8be783d6879a4d803
SHA256 09f8fdbf1071d0a19a672c7182013548ab51cb7c22ae5cc827dfb7884e8aea5e
SHA512 8dc91efc566e4a38ab8abfb5f3dcb5083a256fd75f9253e70b1d550b8beb92ef7611dc734fab660a11e35bdbab68b72b5c9bb33fd966997b909493bb90fbcca1

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

MD5 db123de85e5363c3726bbd57a6b4d8df
SHA1 fa0b96f74e121f70332b7c812273aba908366510
SHA256 cdddf1a3cf384275f3ad8ef0db8a739f5077f7c38aff3fa6b5800c1e3542c9ef
SHA512 ef96c07b3055506846f04238c396a7f2926a0a7132d899b1f6d53c103fdbf87eff9f55ba60e8078e8573ac8978b61d4384e7574a962a591e486501d8b5e2ece9

\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 7a6c073fb55e978a5cee7c14478f8b10
SHA1 4d787d369f5b44f782e1c897d6562054c8df997d
SHA256 3739794d3a8ee38126b8a451b14159ad3aab6f11e775225c9b207ed389d4e158
SHA512 f421914da56aadb2630f7268fbbee48da1ee711b38b4f315210d07ce9e498d5c1c8f72a45fab3d5b8316a59f3f32054b4b3fc5bea0da7f4546a4311ea56beb81

memory/2268-154-0x0000000000340000-0x0000000000341000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 b1f62aa4be1891bd7381d19e73a501fd
SHA1 1311d0539be4ae2c84d4fb5e38b08d57cf231a3c
SHA256 213fadd5e04785ddbdd3916f5cd5764674da78870f72b1dddda582242bd83156
SHA512 edeb872fdefd75c6bc8e51e6cd48fa906676f437a86307983b036d0820dcf2688ee982357b12f29ad1066d3b1377c2e825710331c31fe185d403f701babf8587

memory/2268-148-0x0000000074680000-0x00000000746A4000-memory.dmp

memory/2268-145-0x0000000000230000-0x0000000000235000-memory.dmp

memory/2268-144-0x0000000074780000-0x000000007478E000-memory.dmp

memory/2268-132-0x00000000748A0000-0x00000000748AE000-memory.dmp

memory/2268-128-0x0000000074AF0000-0x0000000074B3D000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

MD5 cdfbe254cc64959fc0fc1200f41f34c0
SHA1 4e0919a8a5c4b23441e51965eaaa77f485584c01
SHA256 9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9
SHA512 63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

MD5 d31da7583083c1370f3c6b9c15f363cc
SHA1 1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c
SHA256 cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506
SHA512 a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

MD5 46ede9ea58c0ac20baf444750311e3f8
SHA1 246c36050419602960fca4ec6d2079ea0d91f46e
SHA256 7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236
SHA512 d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-30 21:55

Reported

2024-01-30 21:58

Platform

win10v2004-20231215-en

Max time kernel

144s

Max time network

150s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI7290.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57713a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e577138.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e577138.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638} C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000cdbedf05adb60d680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000cdbedf050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900cdbedf05000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dcdbedf05000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000cdbedf0500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x468 0x50c

Network

Files
