Malware Analysis Report

2024-09-22 16:46

Sample ID 240131-xbp4fsada8
Target ClipPlusCommunitySetup_ns.zip
SHA256 1120c72e96423635515bd260a0d9b219a6a7d17eca7f21d2ab63e3a6d2319539
Tags
babadeda crypter loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1120c72e96423635515bd260a0d9b219a6a7d17eca7f21d2ab63e3a6d2319539

Threat Level: Known bad

The file ClipPlusCommunitySetup_ns.zip was found to be: Known bad.

Malicious Activity Summary

babadeda crypter loader

Babadeda Crypter

Babadeda

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-01-31 18:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-31 18:40

Reported

2024-01-31 18:44

Platform

win10-20231215-en

Max time kernel

133s

Max time network

143s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA21C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57a133.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57a131.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57a131.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c4

Network


Files
