Malware Analysis Report

2024-09-22 16:43

Sample ID 240202-by969aagc8
Target 89c3080450032840bb51a80be936d69e.bin
SHA256 75f193ede0c901a7898b88ec92096f151bd1dd4f5bcd45e80047d5e35fb38a55
Tags
babadeda crypter loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

75f193ede0c901a7898b88ec92096f151bd1dd4f5bcd45e80047d5e35fb38a55

Threat Level: Known bad

The file 89c3080450032840bb51a80be936d69e.bin was found to be: Known bad.

Malicious Activity Summary

babadeda crypter loader

Babadeda

Babadeda Crypter

Enumerates connected drives

Drops file in Windows directory

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-02-02 01:34

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-02 01:34

Reported

2024-02-02 01:37

Platform

win10v2004-20231215-en

Max time kernel

141s

Max time network

150s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF760.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57f59d.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57f59b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57f59b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [value omitted] C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 telldruggcommitetter.shop udp
US 104.21.5.9:443 telldruggcommitetter.shop tcp
US 8.8.8.8:53 9.5.21.104.in-addr.arpa udp
US 8.8.8.8:53 gemcreedarticulateod.shop udp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
US 104.21.16.152:443 secretionsuitcasenioise.shop tcp
US 8.8.8.8:53 claimconcessionrebe.shop udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 52.152.67.172.in-addr.arpa udp
US 104.21.58.31:443 claimconcessionrebe.shop tcp
US 8.8.8.8:53 liabilityarrangemenyit.shop udp
US 104.21.83.220:443 liabilityarrangemenyit.shop tcp
US 8.8.8.8:53 152.16.21.104.in-addr.arpa udp
US 8.8.8.8:53 31.58.21.104.in-addr.arpa udp
US 8.8.8.8:53 220.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-02 01:34

Reported

2024-02-02 01:37

Platform

win7-20231129-en

Max time kernel

118s

Max time network

119s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f762a4b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f762a4b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f762a4c.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f762a4c.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2B06.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f762a4e.msi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005BC" "000000000000055C"

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

Network

N/A

Files

C:\Config.Msi\f762a4d.rbs

MD5 bfd88a74dda85618213e19ce6d80b2e2
SHA1 78aac4ad59f8abe75c91d0f7b512360c30992229
SHA256 87b7592f5e112fc0cb95811e3797b3dc9ead95ac6c9e3fb36677927fcc6c5c28
SHA512 47596ae3e0eb729734300f17639247ab2d12ce9653b4847b5d1b6e85c5af8eebbcbef47afd6e637950bf67d7932252436a0be10ed26d5bf3f045d646fb661afc

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 cefd423df7a299b9cf378a8995dd5ad9
SHA1 abc8dea81cf74783bd6d016a3e2feb3839390dc4
SHA256 27944c044a4dcd975420e8b15560016602f83f4069520789628f81caa14a6dce
SHA512 4104609d770fdc3cc581b4699d86203ac3004989870d3a782eb400a012ce5bb2e4fb3ef8bbe3d48d551083b1530fcb7179bad8839c17d8c843a645cd75367473

C:\Windows\Installer\f762a4b.msi

MD5 f4237bd332d6a528a1a9f0fb3ae16679
SHA1 bed1b16e0da7ced0ba716ee0a81b5c6331e54c0e
SHA256 b5d9b9baa29b4d508675ca62dcba6da0468cd6999240cc02b0851f19a6959f3d
SHA512 0706aa13232cec87f360cf7421a75fc623d82ab1409dbef9848f06a2f9317fb06f042ea7f30126ef59af500699c8c147c4ae69c2f1f21135b220fa70f5c06076

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

MD5 5efb2702c0b3d8eeac563372a33a6ed0
SHA1 c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99
SHA256 40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b
SHA512 8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

MD5 8e58fcc0672a66c827c6f90fa4b58538
SHA1 3e807dfd27259ae7548692a05af4fe54f8dd32ed
SHA256 6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d
SHA512 0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

MD5 d31da7583083c1370f3c6b9c15f363cc
SHA1 1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c
SHA256 cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506
SHA512 a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 d3a84dfa3ab1f689988a70b5e8005bf9
SHA1 9b53991fb2902004264a96d392de7dd84e203db0
SHA256 67b5ad943611870c27d59db705c179f882b3dd0ffc431f727d50fa5953341037
SHA512 4dae2855644e9c1715ef4afc2326439fcac88fa73982bcb406cced6f56ba00582acfd53f8b7b411f8610cc3c423bba76715504a80990e6e1111d5694ffaadc0f

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 a56c36a7dd238d72672a57573bdb1833
SHA1 2a7db7c8e4b80e1bc9b384159d056c6b5cfc9a38
SHA256 c6138784ca37688e93932f4cdaeebac98522b974fed2d5109844e3c46448dd60
SHA512 a14a1f88f888223af231eda6bbca74449aac21aa5f46e8f2f4b34175d9b115656122e123e667ad70b7f7f8c7d7a338177a111afffa8c38e7f96e740fb4d7d46f

\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 4cfdd136b31e84bd1a9c178580715dbe
SHA1 38ede7f1729a1f56c9e17edd5dd7fde670f18a59
SHA256 8205002164f8f617cbba4baad7fd4a6af22d2c8adf7ec53c98c403dc648ccdc0
SHA512 2a65256eb784e3c598fba5f3686da310ef10b4101df6f27002e781faea53967807dd6eb5c3239d1768bcf6e6ff81a88c0bd7d442f118b945a8c50df9c79db24a

memory/2644-72-0x0000000000E00000-0x00000000010E3000-memory.dmp

memory/2644-77-0x0000000000230000-0x000000000024D000-memory.dmp

memory/2644-83-0x0000000074590000-0x000000007462E000-memory.dmp

memory/2644-84-0x0000000000230000-0x000000000024D000-memory.dmp

memory/2644-86-0x0000000000260000-0x000000000027E000-memory.dmp

memory/2644-87-0x0000000074550000-0x0000000074583000-memory.dmp

memory/2644-82-0x0000000000230000-0x000000000024D000-memory.dmp

memory/2644-89-0x0000000000230000-0x000000000023E000-memory.dmp

memory/2644-91-0x0000000074540000-0x000000007454E000-memory.dmp

memory/2644-92-0x0000000000230000-0x0000000000235000-memory.dmp

memory/2644-80-0x0000000074630000-0x0000000074658000-memory.dmp

memory/2644-79-0x0000000074660000-0x000000007466E000-memory.dmp

memory/2644-75-0x00000000748B0000-0x00000000748FD000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 f0cadf8548cff266e741a19219f447c0
SHA1 7cd4b19a5bb350487893b1bfde05965beebc83b9
SHA256 474d296b39086a5680a8fda9dd895cf4e1f5817b7538a813855e39210a3ec5ef
SHA512 6c059f5037311ac2b82d508d58bc6d8b4ce95b67e4dedc39437d1135e2e0bdc9e87a3f3e2307e80c27036288679ec5f0f6c2f587940aff4b181e4f55160fdf19

\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 a7d2119242e0e6ad2717030d4b62068b
SHA1 5702896034230cd88141b4ec551a97aa6be16e66
SHA256 63514bd2ac28db14736d4c33b3da92fbec3d3ef068af61f34a4acfdd2fb3266b
SHA512 4729a375b99d5fbe49657adb4c617f48b8fb9f068aa9452acdbe0f04b0635405716692cd6848a1f1dbb3e2a0f241246438d9c321b2568675efc9ea2e782ca711

memory/2644-107-0x0000000073E20000-0x0000000073F45000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 3621a8d82b5fd9540a8301d8ee551b68
SHA1 eed2053d6a6ea8b3f11326dabed953b63bfedc9f
SHA256 ea2b626cbfb644328a190d8371306f9a63322bda263a09dcec6e6af1ead77992
SHA512 0124177003d0ac6849d67446bf2c7b869c87f99cc3e11c481fa3d16624a585352e6587f5280656db716af735e5f228bb50ac7dc888498de8f790c865ed67090e

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

MD5 a4c63effcc46eaad8dd1a53e39b1f87d
SHA1 9a2a507b07ae859d74fd7777325439c09decc792
SHA256 a3cf1f0f880ea30aa4f9d8ecf767d86c0a8898e0f50c833dbb76a170c37eca13
SHA512 1c2cfcba081ba1d365cacb8406341d3255d300a8149487ad16d4a2c2213c7de5d8c22c118d8bf23e34cc8f9dea459e82da0b3f24e97cdc693dd531020e4a3ffa

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 290f2720961e73fd2335eecd7266256e
SHA1 d36959ef5b433f430336da17b1662d145d483b36
SHA256 fe073449d29745d2755022feb0d7e366e18cb8dc4f09c1ad57776974fd1d7930
SHA512 19d1b3ab8d6ebffd44b2cacd8c95be53ebd2d115903ced219f5a89b610a5df09af483aa6f1e04aa2bcf57cd3020d0e41a520fc757bd9f680afc19f30ec57e41a

\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 eed4c6521bcb41b4e109782b8a24410d
SHA1 a9ee67f0e2c372a244520774e7252c88a4272cad
SHA256 55f92e3d92d9d4a5df61f26365da4246ce427985a8c355baf3a8ae40ae4cc91f
SHA512 5779c548a21e0af32e0ddd6472a34fed385991ed3bec54395549eb315ea080404e8c6429a9bd59fff594e65b9597df02ced67f35eca09c8806116f0238c5a318

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 ac2f0fe88ecba8cb3ae56b8be3601648
SHA1 942a79027fc9535d19d54a6a6c4442b041752368
SHA256 9e227d35510cc6b4ed2f396e2a8856ec710b50b4fffe288c3e91057501a38a38
SHA512 53fe5c737d618f666667d6ee42d45e556e6497ccd3e120f88b6c7a3decbec66f16844f14bb566f034358937fa693de4f4a221c423a42990d5adfb2a24faaeb6c

\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 f20602c73f1ef3af1d4bc548bd9b0742
SHA1 1264b76d0618e49350393c8fff9bb2b909b452bf
SHA256 2a74e26525d0c7501babee140f9ecaa3e71fbe993c1dedbe4b8bb3391a516911
SHA512 c13053eae9eca1750169ed03f7900ac8263bf9672c08f059a07489821cbcf4a773add635aa0a616b1fc16913147a9726ac4ce10615e575df51317ce2390e18c9

memory/2644-109-0x00000000002D0000-0x00000000002D1000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 b8eb4b304bb2caf1b488abdd98d09aa7
SHA1 34c8ba442caa17c756cbdfead8e9b1d3b4640502
SHA256 d83be5ada79acd47c19ccf777a94886458e7a15cd04041f49ab273bec3cb1bfb
SHA512 97171a55679ebf4e3fc04a35d270c7ace822e92d9b97c5970df500a28a98ab70ae78eb285b1922ca97c6ddff213ae5361fb0abe7ae32f6b3e80e40a0d5d4679c

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 c2c069dfca0017a8c66a1d2b508bc139
SHA1 6b6e91396d1ec99106e632a1447491f4d7d2264d
SHA256 6225cccbc8ed767909eb0c637f9b066ead3ff692dec625bc04a921fb0b8ebdab
SHA512 9d073733b8ebaac71f3433df79f3e04f7f068b0925f150fc48c3460dd7d3c1e25076667a1e9e47e71cc7de66b5190120e909646e67fe28dc5c56a9e3c96ea086

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 377752cd24ac17669a2604f69febdba1
SHA1 5c3a132270b87a04c533a30ec7700cee69c1a9e3
SHA256 314a4fd29b291a0d6155248ca2d3c2dd320d41d6544f70db3a442de1e312cae1
SHA512 d61b962ce0a5460a0b1847e826c35be7e471dfdb1008a066a4fa1243f140c222cb26ab556f0dd4f4207389632410461e4cadf2a834cf2a4bd16d36185b5fe492

memory/2644-99-0x0000000000230000-0x000000000023D000-memory.dmp

memory/2644-113-0x0000000003780000-0x000000000380B000-memory.dmp

memory/2644-118-0x0000000000400000-0x0000000000BAB000-memory.dmp

memory/2644-120-0x0000000004530000-0x0000000004531000-memory.dmp

memory/2644-121-0x0000000072800000-0x0000000073523000-memory.dmp

memory/2644-119-0x0000000000E00000-0x00000000010E3000-memory.dmp

memory/2644-122-0x0000000000230000-0x0000000000235000-memory.dmp

memory/2644-123-0x0000000073E20000-0x0000000073F45000-memory.dmp

memory/2644-98-0x0000000000260000-0x0000000000262000-memory.dmp

memory/2644-97-0x0000000000230000-0x0000000000233000-memory.dmp

memory/2644-95-0x0000000074440000-0x0000000074464000-memory.dmp

memory/2644-93-0x0000000074470000-0x00000000744A6000-memory.dmp

\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 444ad68918251b4cc32f07219a5a6c31
SHA1 14b6572c4fc075ad5164ace11f098b7f735a6a17
SHA256 deb374d90eec719785c54576422fd28acad8e98544a1deec4d29c03506db638b
SHA512 dda97c60eadab52b249d5c470d446d05d8b8f6fdc758bfe659143b272d18373d54521fb0eef1a6cc3654af0aeb9e7a51471baa1aa57c54c066121159ae0c7b3a

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

MD5 5199d6173a6deb45c275ef32af377c3c
SHA1 e8989859b917cfa106b4519fefe4655c4325875b
SHA256 a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3
SHA512 80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

MD5 b6022150de5aeab34849ade53a9ac397
SHA1 203d9458c92fc0628a84c483f17043ce468fa62f
SHA256 c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d
SHA512 2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

MD5 cdfbe254cc64959fc0fc1200f41f34c0
SHA1 4e0919a8a5c4b23441e51965eaaa77f485584c01
SHA256 9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9
SHA512 63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

MD5 d8ccb4b8235f31a3c73485fde18b0187
SHA1 723bd0f39b32aff806a7651ebc0cdbcea494c57e
SHA256 7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba
SHA512 8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

MD5 46ede9ea58c0ac20baf444750311e3f8
SHA1 246c36050419602960fca4ec6d2079ea0d91f46e
SHA256 7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236
SHA512 d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

MD5 89e794bbd022ae1cafbf1516541d6ba5
SHA1 a69f496680045e5f30b636e9f17429e0b3dd653e
SHA256 7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9
SHA512 16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

MD5 ff3d92fe7a1bf86cba27bec4523c2665
SHA1 c2184ec182c4c9686c732d9b27928bddac493b90
SHA256 9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8
SHA512 6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

MD5 a6f27196423a3d1c0caa4a0caf98893a
SHA1 58b97697fa349b40071df4272b4efbd1dd295595
SHA256 d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222
SHA512 0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0