Malware Analysis Report

2024-09-22 16:41

Sample ID 240202-b71n6sddbq
Target b82ada91e8742234257d9cad38deebfe.bin
SHA256 97492f37f8bb48d5738c52a888e8c2121ecc221dd20cfc38d23e5ccf49f48ae4
Tags
babadeda crypter loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

97492f37f8bb48d5738c52a888e8c2121ecc221dd20cfc38d23e5ccf49f48ae4

Threat Level: Known bad

The file b82ada91e8742234257d9cad38deebfe.bin was found to be: Known bad.

Malicious Activity Summary

babadeda crypter loader

Babadeda Crypter

Babadeda

Enumerates connected drives

Drops file in Windows directory

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-02-02 01:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-02 01:47

Reported

2024-02-02 01:50

Platform

win7-20231215-en

Max time kernel

117s

Max time network

118s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\f762368.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f762368.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f762369.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2414.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76236b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f762369.ipi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Enumerates physical storage devices

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000038C" "0000000000000554"

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

Network

N/A

Files

C:\Config.Msi\f76236a.rbs

MD5 f05cb15b922c9ea4b7fe63ec8dfa276c
SHA1 1892550bd52c9c0cfce7fe54f54f84fde65164f8
SHA256 23cd115804e508e62614757b902d1d58677df351f49764ed82bc7b867e99ef08
SHA512 5711036ab9dab77433c0a50b887c56425dd41771dcdf06edf55ac735d2503219fad2fddcd7053e033c1fc3499202cd4351a41bad729e5f94b7c26a28dcaade06

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 bda15158e43345f45479a8d238a469c3
SHA1 07a6d9f663644687acc546eaebc7e24951ecf2c7
SHA256 33cab888684b171cf7ebc2bd4a60beca626ea693483409e77ec200f0e81966da
SHA512 c5e046b569549716fa9301fda5728a8c07ce83264627d7dc22657dddc6ca6ff6a5682687e96afd0e1ec272564d83abfc062c0d8fc0a9a1f5bc3d7a23691193f4

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

MD5 8e58fcc0672a66c827c6f90fa4b58538
SHA1 3e807dfd27259ae7548692a05af4fe54f8dd32ed
SHA256 6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d
SHA512 0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

MD5 5efb2702c0b3d8eeac563372a33a6ed0
SHA1 c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99
SHA256 40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b
SHA512 8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

C:\Windows\Installer\f762368.msi

MD5 0ad8482b2e34635b22b7370fe952b2d7
SHA1 9ee3a884e43238dbe67e4be800df242a15355bbf
SHA256 eb6bb730719103350d9f197c0060ee0dddfb9ea3fc09b6074dae38dad56df76c
SHA512 abbb37e3dbcd1b86c012acb531f32d68c6e915c567a3d76f8409815d6925d54ffab198412340e2ba54a9c4ea87c6069968334c2c2360d8be4b2c5d9271e6172c

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

MD5 a6f27196423a3d1c0caa4a0caf98893a
SHA1 58b97697fa349b40071df4272b4efbd1dd295595
SHA256 d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222
SHA512 0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

MD5 ff3d92fe7a1bf86cba27bec4523c2665
SHA1 c2184ec182c4c9686c732d9b27928bddac493b90
SHA256 9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8
SHA512 6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

MD5 89e794bbd022ae1cafbf1516541d6ba5
SHA1 a69f496680045e5f30b636e9f17429e0b3dd653e
SHA256 7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9
SHA512 16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

MD5 46ede9ea58c0ac20baf444750311e3f8
SHA1 246c36050419602960fca4ec6d2079ea0d91f46e
SHA256 7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236
SHA512 d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

MD5 d31da7583083c1370f3c6b9c15f363cc
SHA1 1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c
SHA256 cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506
SHA512 a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 316e131300e0213b2cb5c2e6ab4adfec
SHA1 9a19d080aba110e56ddfb3b8ad73c54979ad5d51
SHA256 039102fd6e00e4df31f2855a4aa5dcb58ff8e4c6528f015bc5cb77ba0cd749e6
SHA512 fbf837c0ef42a5d6b7a9df83fe05f50d21b98f5d7b49c9f3b7e05cd14102a4afbd319442a770034827c9a091ea78341f4cf436e4c86d0d31d9d650cd2fe80239

\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 7eca0aeb9b81a172f256edfc8f34623b
SHA1 6642b2f67e110f9abf6b980b49ff5f19e1340bff
SHA256 12eaf5865f4e6b7067c50c0a133bbe8b1222fac3c8e8bebed777c25ed739dc2f
SHA512 f43e66f1ecf6db9e6550b6d995639025e69a784a0d287b1f12d25180f42870c069f155d8c20334bf6ef4f7a38d8f4dffa7ec921b580654afecb608b6da946778

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

MD5 5199d6173a6deb45c275ef32af377c3c
SHA1 e8989859b917cfa106b4519fefe4655c4325875b
SHA256 a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3
SHA512 80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 eeb2c9f79926c1074703c378fb27215c
SHA1 df632ea453d0986aebb5961a7874c25426e5885b
SHA256 ba71994c06091dfdc0f1c51eda9e41be888224d165fc0d62d7d882384569600c
SHA512 0ffb563a20b1bf6659ae78d79fe28379e9560c91e4a258dd12046c4659aaf30772b1dcbd426466fee513f42711bc55c70f3f8c8f9ebfc533173b5e9cc3b80406

memory/1928-75-0x0000000074C40000-0x0000000074C8D000-memory.dmp

memory/1928-72-0x0000000000E60000-0x0000000001143000-memory.dmp

memory/1928-79-0x00000000749F0000-0x00000000749FE000-memory.dmp

memory/1928-81-0x00000000749C0000-0x00000000749E8000-memory.dmp

memory/1928-82-0x0000000000240000-0x0000000000244000-memory.dmp

memory/1928-80-0x0000000000240000-0x0000000000244000-memory.dmp

memory/1928-84-0x0000000074920000-0x00000000749BE000-memory.dmp

memory/1928-87-0x00000000748E0000-0x0000000074913000-memory.dmp

memory/1928-86-0x0000000000240000-0x0000000000244000-memory.dmp

memory/1928-89-0x0000000000240000-0x000000000024E000-memory.dmp

memory/1928-78-0x0000000000240000-0x000000000025D000-memory.dmp

memory/1928-95-0x00000000747D0000-0x00000000747F4000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 cb1817950cc3bdd9c92a456fa9e916f0
SHA1 9cc288ca58c49d045b95cc158481c169e1d741d7
SHA256 7e0c783362e1f1b8b050c66b79df7f44b897fd9e3e587c4de779d67b973d48a6
SHA512 4e7cdaaadceebd541fecdb5c000e1d759e80426891c70dbd6db105411f149e9b799063c3a01ce7a9b1b0c4c07465aea330db269db4c6b5a22ab0b5e53cf4ee95

memory/1928-99-0x0000000000240000-0x000000000024D000-memory.dmp

memory/1928-98-0x0000000000240000-0x0000000000247000-memory.dmp

memory/1928-97-0x0000000000240000-0x0000000000243000-memory.dmp

memory/1928-93-0x0000000074800000-0x0000000074836000-memory.dmp

memory/1928-92-0x0000000000240000-0x000000000024E000-memory.dmp

memory/1928-91-0x00000000748D0000-0x00000000748DE000-memory.dmp

memory/1928-103-0x0000000000D50000-0x0000000000D51000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 25ccafba34985d46d9e360db0e8b9e72
SHA1 6c059ab9e433a13903bda41533a473aa35a13106
SHA256 390729457316c2f908263361cad0abca1d663e470d9f159e262059487ff27ece
SHA512 c649c98b3d74310e4a745cc4d22a4efa44cb5b05db13b104df004f6720f107d202243f4b346e7ee782caac615b36206fcc253c4a02e4f2b07ff2e8941289c47e

\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 c4c378218fb9d136a67a300219a8cb95
SHA1 a8fd2a1cc9cb996646ed9e79baaa342c16d3b163
SHA256 c8341f8a3a3a410607b7a364e0317bb21d9b158ac55abbe2b3425b27649b3149
SHA512 26e8361cee243a8a6f4879c1608b29b713f725487d320833560140418e73027fa92def0790bb8465293d240e0e237a015ac45112b1a4153afbacb4fddb3f9b8e

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 e151093a653ef47adc95f84100fb8d4d
SHA1 bc44b1e79b6cd81da91bf82c1d3ed8a11d622666
SHA256 bf80b723f8652bb210122bc697c2db2c2bcc09b5d818ff9704d1d87ad6b373f3
SHA512 21e58f3e742349ce06f1bfa7e091962862d1664f94b780bf5eacbf7bd308b929a9482666946107a836b2dc804e0bb9b899008cfe014bb194d7adccb95684cb04

\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 6b61ba46a95b859672f97031e5eb9f8c
SHA1 99d9cbfd335ab1153f72e2b0a917db13eda885ed
SHA256 392f0aaaad77c702a40421c3b008083750249e4fa69009c47858c1d9826edebe
SHA512 5c1f820fdc9997fd0e59d54b0f2009c86809ccf0fdb5a4e2deafa6e05cdd31c055a37532560a2cad9db20fe537cd30cd4a43e50cdeb0a6821e8e00b4b964d6e2

\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 55ee605f0b4cd2bd10c762df987cb74e
SHA1 13fe4d24b58160d0be11ab94470f0da0b1d2595b
SHA256 8a9af16b2876f37d28b5a8d21aaf9d93dc6f16f3759f2321505707086b8b3b7c
SHA512 28336ebb97296a1b422efda4360b21380f61b19fc79bd6851df2960d894024bfc8f60a91a8a48a141256d8e48a20a4b129c4c751f2ee5fa374bf04388f5aecc7

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

MD5 b6022150de5aeab34849ade53a9ac397
SHA1 203d9458c92fc0628a84c483f17043ce468fa62f
SHA256 c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d
SHA512 2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

MD5 cdfbe254cc64959fc0fc1200f41f34c0
SHA1 4e0919a8a5c4b23441e51965eaaa77f485584c01
SHA256 9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9
SHA512 63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 e98f595caa5ee23e8a3e46d83211da9d
SHA1 a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017
SHA256 df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a
SHA512 e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 658276a6bf6c17511f54254d56cd9022
SHA1 b9af3a23d41aa2bc2bf1f269e0deb8749896c584
SHA256 19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a
SHA512 4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

memory/1928-112-0x0000000071780000-0x00000000718A5000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

MD5 3978c2550c1e450c0b817854b69b3b82
SHA1 e0db6cb3d7182d16374db7fe6ce15ae7db3346db
SHA256 05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6
SHA512 164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

memory/1928-118-0x0000000005870000-0x0000000005871000-memory.dmp

memory/1928-119-0x0000000000400000-0x0000000000BAB000-memory.dmp

memory/1928-120-0x0000000000E60000-0x0000000001143000-memory.dmp

memory/1928-121-0x0000000072B90000-0x00000000738B3000-memory.dmp

memory/1928-122-0x0000000000240000-0x0000000000244000-memory.dmp

memory/1928-123-0x0000000071780000-0x00000000718A5000-memory.dmp

memory/1928-113-0x0000000005160000-0x00000000051EB000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

MD5 d8ccb4b8235f31a3c73485fde18b0187
SHA1 723bd0f39b32aff806a7651ebc0cdbcea494c57e
SHA256 7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba
SHA512 8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-02 01:47

Reported

2024-02-02 01:50

Platform

win10v2004-20231215-en

Max time kernel

137s

Max time network

146s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5779c4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5779c4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7ABE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5779c6.msi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000083dd7964f79773090000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000083dd79640000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090083dd7964000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d83dd7964000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000083dd796400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x344 0x498

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 telldruggcommitetter.shop udp
US 172.67.132.181:443 telldruggcommitetter.shop tcp
US 8.8.8.8:53 gemcreedarticulateod.shop udp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
US 172.67.213.168:443 secretionsuitcasenioise.shop tcp
US 8.8.8.8:53 52.152.67.172.in-addr.arpa udp
US 8.8.8.8:53 181.132.67.172.in-addr.arpa udp
US 8.8.8.8:53 claimconcessionrebe.shop udp
US 172.67.199.120:443 claimconcessionrebe.shop tcp
US 8.8.8.8:53 liabilityarrangemenyit.shop udp
US 172.67.182.52:443 liabilityarrangemenyit.shop tcp
US 8.8.8.8:53 120.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 168.213.67.172.in-addr.arpa udp
US 8.8.8.8:53 52.182.67.172.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

\??\Volume{6479dd83-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{692bc860-7961-4659-b081-69a5a0fc47c6}_OnDiskSnapshotProp

MD5 87125b19052c3c5468e6e348f4979f6c
SHA1 b256859be4f57832776c22cb69e6a2168dde1ab7
SHA256 e36d4dccb01541944e6d5f8dba41c13cd45a90cb65abdbfbf93b50f685aae358
SHA512 c9640f3ad760ab3153fbd47ac1d44520144aa1fce0ee5cfbb5db8557e39b4e8eefe59eb9a81072e07fe601d1482c0b88278cdff48e695d835c98cfea855454dd

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 96c606ec97aa906737d2d5401dccbe1d
SHA1 87ca3e90cce3bd3b58781fe0d9a38dae8815843b
SHA256 3350ce1f0deb3d979dedfd48143fe9a69969bdddd3eba31856222bc560aaea10
SHA512 0979f42cf0f038f7775a2fb412503945f5d09ee8a35a195e90a178256035f134395be2f228cc052ccfd4cf118f7019f74edf98797a7776b0a90bd26caed0ce23

C:\Config.Msi\e5779c5.rbs

MD5 2951e4755f94832de11a56dad6339019
SHA1 2bab9d6b0a68bb326e683e6ed27459c28b7ccd65
SHA256 d49879164e14af59deeea72f89e583e04e88a39422aa9519143a9866f8d5b072
SHA512 250a933cdcbcf9ea9fd0079011a19ec723324c3ba22b80a113a7e78c5eed06308bf7190426df8413bcb6264dd971ecb8639e2ab7bfc876f520642229fb58a13d

C:\Windows\Installer\e5779c4.msi

MD5 3723f786d4fff9dbe179f2eb7c722118
SHA1 5773fa9085d04aa043a8289fd217f885824a3165
SHA256 e73fd512913ef6405cdd7f41057b3fa5f116ffca972da4c8fe8631d8c0a7db60
SHA512 5b9717f0cfcd66e9cda8a33ca119f3f947fd6881b15a31366986f78acdfe6084a6fff6f95b579930a16537c65500c052c588f506dc015f052e49092b88333d70

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 6d375e8ba7af357bd13bfcc5cd08e49e
SHA1 f73ec8dab6264fc67c2b216bc9df62b28f3c3945
SHA256 deeb3a5b6bd7f3cdbfa420c28d76645366284a3a57e2dc63ce7850a9ae155ade
SHA512 1d3b44174eb624389a781f4e41eef7e2f055a4b51ed1c26fcd551357bd642e3e22b3087a558948ac5c6b34afeb8c8ffcbb5f85ecc2581dd5d0b01712b74a827c

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

MD5 5efb2702c0b3d8eeac563372a33a6ed0
SHA1 c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99
SHA256 40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b
SHA512 8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

MD5 8e58fcc0672a66c827c6f90fa4b58538
SHA1 3e807dfd27259ae7548692a05af4fe54f8dd32ed
SHA256 6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d
SHA512 0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

MD5 cdfbe254cc64959fc0fc1200f41f34c0
SHA1 4e0919a8a5c4b23441e51965eaaa77f485584c01
SHA256 9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9
SHA512 63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

MD5 5182cfb12cd17dac9e8c371ce8e25e5f
SHA1 78aa6bd589ba7da16da7dedca791a5101ae46c58
SHA256 56680aa661e650d387f410db85fcbccd748b0d1ff6574257f9500662a29ba0f9
SHA512 e29b06b2c132bf40490e3ede7c2b43212f47662990e925db6f34773da7193d6fec7b1a2b3073e87222b853e7eec12d0d79f80b75725dd032a98b4c75f38ca439

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 8630b25bf4206be33728b92827eaa9b7
SHA1 30ace4adbf807289064d090f2bbee58ceb526ac7
SHA256 0e177c8d9d3cfadafee51e3e8d7048ccb41c7c9cabd99257daa304b626f7515f
SHA512 461a746352a91864f63b6f83d64b14d5a0040e6998a5b658ac3a1ddc89fac6b3b195b74a527281656407596eea6a26ee0d0e0950121018a9468fa5d1818ce1b6

memory/3520-75-0x0000000001190000-0x0000000001473000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 9f6c96fff7958530c9891017557b7da8
SHA1 c4fc536d83d06915b72c9805a653c901b402b24e
SHA256 0a7c1820e4c66a7d79164e7850e46fc38e9938d030f81d1eca23387fbd49effe
SHA512 96c3b59c4e4e117ec66efa49c2a7b8b07082aafce67c075de0811f2c25d4c2b9d091bfd722a4c54de5d21f52759da6acceaf897d41e4008c9a84c149b1cead7e

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

MD5 1be3c1262d06acbce1400889c28234d5
SHA1 1a5f3c89afc83b468e14451b94b2d6e916533b33
SHA256 8c7537d764b0533731143841e9075bf8c640838df6955b180fad90a54bf567c5
SHA512 78616089f5969e8d924f0e7f512d222a8e023307f01a3e8f250f4a07e38cb4afd1908023e1375a2d46c41f19e0ef33ba8bec97317d16f4e068ea2ec4e6d17ddb

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 81e242f512d2f2beebf4792479f1287e
SHA1 b270d1c42576e27e6965d9bd8cfe8d108cd2e2bd
SHA256 730963841d3a312cc09ff35585ad9f735ed5dfde3a0a6efe02014fd165e0e7be
SHA512 ca5040dc20170eb1e60b5bb0b308dde2f5439fde42618a3cc805ce1753e27e97055139803ef07500288f47b7737e69e28a62decc47ec32c5b3d168e484c2d721

memory/3520-78-0x00000000756A0000-0x00000000756ED000-memory.dmp

memory/3520-81-0x0000000075690000-0x000000007569E000-memory.dmp

memory/3520-84-0x0000000000E60000-0x0000000000E64000-memory.dmp

memory/3520-83-0x00000000752B0000-0x00000000752D8000-memory.dmp

memory/3520-86-0x00000000755B0000-0x000000007564E000-memory.dmp

memory/3520-87-0x0000000001480000-0x000000000149E000-memory.dmp

memory/3520-91-0x0000000000E60000-0x0000000000E6E000-memory.dmp

memory/3520-93-0x0000000075580000-0x000000007558E000-memory.dmp

memory/3520-95-0x0000000075200000-0x0000000075236000-memory.dmp

memory/3520-94-0x0000000000E60000-0x0000000000E65000-memory.dmp

memory/3520-97-0x00000000014A0000-0x00000000014B7000-memory.dmp

memory/3520-89-0x0000000075650000-0x0000000075683000-memory.dmp

memory/3520-99-0x0000000000E60000-0x0000000000E6D000-memory.dmp

memory/3520-98-0x0000000075260000-0x0000000075284000-memory.dmp

memory/3520-82-0x0000000000E60000-0x0000000000E64000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 04cb9f33d9a854cd49badf1a26c4bdbd
SHA1 1498e6dfd9e4b79d9b537511981c3295d37a7013
SHA256 c7cd06c4d7c7ccf46e60270d59c442e8100c9b1f5a76e76979a0f4affb58d4f2
SHA512 b9496a4ba3af69f8b480a4676ddda5a72583c3dade4a2108f3c28a9c269351283ba332aa4cb821fbaf77edf3694ec1b300ce547a4e740a9c630d70bd1a31f89f

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 bd71a16afa3d22d485d58fb07fe21a1a
SHA1 51b28f7cc77a2a09a5c3be620380964022146436
SHA256 08f2420cbdfdd50c761f0f30be0dde8662e1f93408f2d7d71a5e8c18c3cd7f0a
SHA512 65f5eacb3d5f570e222eff473ba05e85da36afc96c64a048a84011b6f4ad6cbf7d2933873bdaaaeda1da792a6cd5979ee44c01c366bf50942df6620e3bb3a197

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 a5da2ed45d4131e08665f76fed925f96
SHA1 9c8060bb1ddab3203721198ae8fb25415701df6c
SHA256 7eb158fff59729819577dce277c4f44de4551f8ea09a8edcd11eed5b237c526d
SHA512 63199af851f9596e8ed82c9cff728699d74adb711241dff064262f8d3315746840056a4914cc361843516388b1264fddfee95310e069b71f41ffe4d50d87433c

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

MD5 5199d6173a6deb45c275ef32af377c3c
SHA1 e8989859b917cfa106b4519fefe4655c4325875b
SHA256 a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3
SHA512 80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 24b1b98aaca441dbbbd7e086f0e7ab02
SHA1 e923aedfab046fcff7a31f033576e3dad24f84f3
SHA256 98e4dbd260c19c5bf3afdd754303f65f61502122a3ad0bc3ed8a6ee59bc49a7c
SHA512 f6341f6d0d46d3535ac96647d04866c27103a87435d84caa1f4acdf8d3e42978286df19529720a03b4be373def617e84b93c7c2b096aa02f9ec10a7dab32840d

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 4e7934c043eabefa1aeb37a459b959b3
SHA1 17a52c81a8281ab76c0745f0bf647d2ac54897df
SHA256 48a6140e2f6e07c31851f82127b150956042765b58c1222bd89af9f3eea702ec
SHA512 4eec51e8e708b355aced2653212ddcc9061b8a4e64dcf46d68904a4137b7c85f522e428f6d0b2792a86c495015d57863a914fdf6294da48548e05634de96c614

memory/3520-108-0x0000000074CB0000-0x0000000074DD5000-memory.dmp

memory/3520-110-0x0000000003090000-0x0000000003091000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 e8ab6afc4d1f7c9a28748951dfd49878
SHA1 2b16cf55b0ff533dfa3da2fd1967d8eabea53de7
SHA256 34bb5de8f4c85ded207e669b21adfab1f40fb0c1bb89dd1ca832ebed261d1b9a
SHA512 6f96280bb1314427a88bfbdb64f6638b7d9b725cde81054dcd510aaf1e73c2ae51a6b54913128419c7714192c8afab367fe6254bf6a12c80b26ecfa42ce5f8f8

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 29d84c491e603bc1a2baa9c554a1d044
SHA1 4b3c64393ef56b5608586414ad582333fe283915
SHA256 7a2c2b468865721b099309f7bc335aeed1523ba43281cc47cd406736ac8b5054
SHA512 f9505925a41336c6c65bb8900280f48dc6d3ce593b432bd06c168a1023046ee35cf6fc0851109a730e222a69638a6af1778eae9f4971b4cf8c1d3579d518e98a

memory/3520-112-0x00000000039A0000-0x0000000003A2B000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 e65681d8df633f3e378fc5f066346fa1
SHA1 636d039a3d279e5d6ce9afa7395aab876c01250a
SHA256 cb56fa07c139df9a1549196ef89dac9d1302b3c84cec836dee40a110e3bb9c08
SHA512 ce5df07ee1b86e99ccc344ae18b08cc609a358ea088033424cee9f90a1875664ff118013c28c2dc770cc71c6a12d920ae7ee04fbfad3e9ec8d06466880bdb956

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 7090c7c4a10f1e763e471ff794c07fbc
SHA1 eee208dced614e6ab2f841d94ea74b0f0d6a8a43
SHA256 44fe744dc26a4455811c86738d568126eb0ba9580adca2703804d03526760c3a
SHA512 c6c57a1c907db7353956510479a7b6dba94c24f16a302aeec105c1d778900e3d80d29ef246afcff26856e94970a3f45b3cad1d5a43cc25b2c888fa3a3df0eb17

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 60304d3b6b85b64ada55683a78ee2894
SHA1 40d970a60228e3105428fdf298d320d0462997a5
SHA256 c7267f4982c338891b43dad91f4c93c52ed979bcd7f00341775e7432c1ae48c9
SHA512 479e2402d756ec1cb61ca68074057a2706acb97ce8ee00c3e628e843f16ac40bd61baf27f1254c5ccb4623c59df6a32945c3ebaa49c8d24912059ee2b5f9d3d7

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

MD5 c14003b894a19f0eccaf196cdb1b740e
SHA1 b33345f8653e124f0ce416b60475564470772593
SHA256 123e39a6cf5263742333ab9968914f79d6ec7277e2e27e7b498073f842bfa2e1
SHA512 b0d6710cdae85fca7e00c99ca0ae90a698ea760210b9f94f5804578c08dc248945c1905dbd13d93e452a67651cd20bb614b286231d219495e5854154a85a8381

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 538b2d0a5d2787c1fb92f3144c485ef0
SHA1 e6a5b93643292798878722e7ef4e5eb581ec346a
SHA256 35e49b4a3f03eb4c80603a99d1bc4ea05ab54c8229873e4d3a978e6fa77e6f75
SHA512 2a4db6f8d782dd6660c780966e6d30a7708b4308150806ca9a5d07820dfe5c3cec2b9fedb00dc49292fb3399ac985c1184a7b87911f9f35ee276cea08c545939

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 e98f595caa5ee23e8a3e46d83211da9d
SHA1 a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017
SHA256 df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a
SHA512 e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

MD5 ff3d92fe7a1bf86cba27bec4523c2665
SHA1 c2184ec182c4c9686c732d9b27928bddac493b90
SHA256 9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8
SHA512 6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 9cf887b886af7c897e8cafe5dc70afb7
SHA1 98bb097b998dff54a1aea8917c236db17c0a9aef
SHA256 819702b3ed0647beac115c5a601fb8372d67633a8be4099b8b5360d22f9572f5
SHA512 d7f790d95bee1dcb5a3ae62c6a85fe7b36ab357fea83862a21e3a31ca1e27cfc9d46e4c6def80c7d439c30e93235141e1e3efdd84e77b8a87af06fa5b7ec24f9

memory/3520-121-0x0000000003E60000-0x0000000003EA0000-memory.dmp

memory/3520-119-0x0000000003090000-0x0000000003091000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

MD5 b6022150de5aeab34849ade53a9ac397
SHA1 203d9458c92fc0628a84c483f17043ce468fa62f
SHA256 c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d
SHA512 2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

MD5 d31da7583083c1370f3c6b9c15f363cc
SHA1 1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c
SHA256 cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506
SHA512 a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

MD5 d8ccb4b8235f31a3c73485fde18b0187
SHA1 723bd0f39b32aff806a7651ebc0cdbcea494c57e
SHA256 7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba
SHA512 8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

MD5 89e794bbd022ae1cafbf1516541d6ba5
SHA1 a69f496680045e5f30b636e9f17429e0b3dd653e
SHA256 7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9
SHA512 16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

memory/3520-123-0x0000000003E60000-0x0000000003EA0000-memory.dmp

memory/3520-124-0x0000000003E60000-0x0000000003EA0000-memory.dmp

memory/3520-125-0x0000000003E60000-0x0000000003EA0000-memory.dmp

memory/3520-122-0x0000000003E60000-0x0000000003EA0000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

MD5 46ede9ea58c0ac20baf444750311e3f8
SHA1 246c36050419602960fca4ec6d2079ea0d91f46e
SHA256 7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236
SHA512 d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

MD5 a6f27196423a3d1c0caa4a0caf98893a
SHA1 58b97697fa349b40071df4272b4efbd1dd295595
SHA256 d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222
SHA512 0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

memory/3520-128-0x00000000014E0000-0x00000000014E1000-memory.dmp

memory/3520-127-0x00000000030B0000-0x00000000030B1000-memory.dmp

memory/3520-126-0x0000000000E60000-0x0000000000E64000-memory.dmp

memory/3520-129-0x0000000000400000-0x0000000000BAB000-memory.dmp

memory/3520-130-0x0000000001190000-0x0000000001473000-memory.dmp

memory/3520-132-0x0000000074CB0000-0x0000000074DD5000-memory.dmp

memory/3520-131-0x0000000073AD0000-0x00000000747F3000-memory.dmp