Malware Analysis Report

2024-09-22 16:47

Sample ID 240319-vhk2zaha95
Target cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA256 cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
Tags
babadeda lumma crypter loader stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

Threat Level: Known bad

The file cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d was found to be: Known bad.

Malicious Activity Summary

babadeda lumma crypter loader stealer

Lumma Stealer

Babadeda Crypter

Babadeda

Blocklisted process makes network request

Enumerates connected drives

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-03-19 16:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-19 16:59

Reported

2024-03-19 17:02

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

157s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Lumma Stealer

stealer lumma

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA45E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57a25c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57a25a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57a25a.msi C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000007667065a040ee7130000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800007667065a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809007667065a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d7667065a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007667065a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x394 0x2ec

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 telldruggcommitetter.shop udp
US 172.67.132.181:443 telldruggcommitetter.shop tcp
US 8.8.8.8:53 181.132.67.172.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 195.177.78.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 17.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 gemcreedarticulateod.shop udp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
US 188.114.96.2:443 secretionsuitcasenioise.shop tcp
US 8.8.8.8:53 18.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 claimconcessionrebe.shop udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 liabilityarrangemenyit.shop udp
US 8.8.8.8:53 modestessayevenmilwek.shop udp
US 188.114.96.2:443 modestessayevenmilwek.shop tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 23.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 triangleseasonbenchwj.shop udp
US 172.67.204.169:443 triangleseasonbenchwj.shop tcp
US 8.8.8.8:53 169.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 3.17.178.52.in-addr.arpa udp
GB 96.17.179.30:80 tcp

Files

C:\Config.Msi\e57a25b.rbs

MD5 11c83f77380187474f15b0517041a5eb
SHA1 3bd47d95bebe7f81ee6367b45ca0880f439bd38d
SHA256 53f96150eb08278eb79e4d158db2c7e3628dce081b71437fa1fbf0d2bd73f9c8
SHA512 9e77f237f38178f33b959e412673f7e8f9850e2c83d21728e291e55b1431ed40f43b0c5941b818a28669f4a0b646e96dd98fc4f73b8a29d1834988a1dd2583a8

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 873bc1e83540800f3cf5d1c9250dcef6
SHA1 37048176cb782bab1cfce935563db5600236d1ff
SHA256 fa9089d25c55a58850c66706f6f3b2a9771b3d31e7e86e62d9f0ade555f5b48e
SHA512 f04d39c33a75d6bf285416501833fb773547eeee1591c5cb30cc236d501add373fd0f3663c49e1d760847cb32392be3d2947cb7947ed65c67018c051735efe26

C:\Windows\Installer\e57a25a.msi

MD5 a7246054651489f6a3afab3c9132b0b5
SHA1 a2b72f6fa36f48b244c4b19db82093a91a5270c1
SHA256 a13acc876d02e0b4355218520b61233eb1fa495bbf8db98909ce812401396430
SHA512 40d8386c2092bf3b0a56a2194fbdb1444497f052929fcc7eaf369070894f136e33fdc2b29d727f47e1e42c9b872beca96ccb6d149124432e67711e32bb5db9c8

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

MD5 8e58fcc0672a66c827c6f90fa4b58538
SHA1 3e807dfd27259ae7548692a05af4fe54f8dd32ed
SHA256 6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d
SHA512 0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 50f986a346bd989233c7b5929b7bb678
SHA1 5226dd1a18db827f8b35e5177cd86fed03db71a1
SHA256 05e9f41129e1d99bceb0f4ae48dba760d5cb0afdcfa657ffdb0cdabf4cb9d867
SHA512 c7160f99b8fcfa9938149048f020f42be84916671d5c306a4ae34787922b76675d3fa9b3d052060fe760fb68bb218f1034760d13f2ad183762d424023cd6cb44

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

MD5 5efb2702c0b3d8eeac563372a33a6ed0
SHA1 c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99
SHA256 40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b
SHA512 8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

MD5 5199d6173a6deb45c275ef32af377c3c
SHA1 e8989859b917cfa106b4519fefe4655c4325875b
SHA256 a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3
SHA512 80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 b3078233c30f19b243044b01179eae8a
SHA1 179e32d03b9217cf646c89a56020aac14b03b3f3
SHA256 73674f192c0a1076a70f6a6554f8fd5570f98fec809b1c0550ddf1747020d646
SHA512 7243021181d8927f72d15c5091367299ad5ab62a14a1eaf5462f4a45cd1de768c33237d643646841671f74ad5e8735368b94c7588009fb45914f4febd0b2c8fb

memory/4804-77-0x00000000011A0000-0x0000000001483000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

MD5 ae941259a23f165e239d7bed5e778b41
SHA1 fde53927897538d4da7e7446d569cf23c5c96853
SHA256 7e6b6c223f724ae584128d8b855fdebff4f3f89ed8b2f4cbc7c0a29ecf308342
SHA512 7f657dc008fae9c210103aaf57b7c3086968cd5b46a388a93e86762bd78324c06c3433e61db1faffd7245cdb113d9e5503d527b1b79b1d529ca129bb8dd53523

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

MD5 8005704e351f0d05bea84099b3b666da
SHA1 accd08a194e90d4a9036019c420aa2825ca7e7b1
SHA256 c2934ec2b9fb41a32e2693196f1e3ed794f145bcb4576154dfbc88a99f07e00d
SHA512 ef4a0fce1a90292b65f8a1282bd604a0a345c3cf2e5a7f0ac5b16547b91dc5c0e737bc75d9c17a64880930ebdea4df878399f4353b535c4b0b155626180bab8c

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

MD5 b6022150de5aeab34849ade53a9ac397
SHA1 203d9458c92fc0628a84c483f17043ce468fa62f
SHA256 c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d
SHA512 2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

MD5 cdfbe254cc64959fc0fc1200f41f34c0
SHA1 4e0919a8a5c4b23441e51965eaaa77f485584c01
SHA256 9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9
SHA512 63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

MD5 d8ccb4b8235f31a3c73485fde18b0187
SHA1 723bd0f39b32aff806a7651ebc0cdbcea494c57e
SHA256 7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba
SHA512 8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

MD5 89e794bbd022ae1cafbf1516541d6ba5
SHA1 a69f496680045e5f30b636e9f17429e0b3dd653e
SHA256 7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9
SHA512 16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

MD5 ff3d92fe7a1bf86cba27bec4523c2665
SHA1 c2184ec182c4c9686c732d9b27928bddac493b90
SHA256 9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8
SHA512 6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

MD5 d31da7583083c1370f3c6b9c15f363cc
SHA1 1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c
SHA256 cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506
SHA512 a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

MD5 46ede9ea58c0ac20baf444750311e3f8
SHA1 246c36050419602960fca4ec6d2079ea0d91f46e
SHA256 7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236
SHA512 d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

MD5 a6f27196423a3d1c0caa4a0caf98893a
SHA1 58b97697fa349b40071df4272b4efbd1dd295595
SHA256 d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222
SHA512 0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

memory/4804-80-0x00000000758D0000-0x000000007591D000-memory.dmp

memory/4804-81-0x0000000000E30000-0x0000000000E4D000-memory.dmp

memory/4804-84-0x0000000075890000-0x000000007589E000-memory.dmp

memory/4804-85-0x00000000757D0000-0x00000000757F8000-memory.dmp

memory/4804-86-0x0000000000C90000-0x0000000000C94000-memory.dmp

memory/4804-88-0x0000000075730000-0x00000000757CE000-memory.dmp

memory/4804-90-0x0000000075810000-0x0000000075843000-memory.dmp

memory/4804-91-0x0000000000E40000-0x0000000000E5E000-memory.dmp

memory/4804-93-0x0000000000C90000-0x0000000000C9E000-memory.dmp

memory/4804-95-0x0000000075800000-0x000000007580E000-memory.dmp

memory/4804-97-0x0000000075430000-0x0000000075466000-memory.dmp

memory/4804-98-0x0000000001490000-0x00000000014A7000-memory.dmp

memory/4804-100-0x0000000075400000-0x0000000075424000-memory.dmp

memory/4804-101-0x0000000000C90000-0x0000000000C9D000-memory.dmp

memory/4804-96-0x0000000000C90000-0x0000000000C95000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 557a907d86fe402237871060d337b291
SHA1 e7b31075ba4c0bccfece2b1074eff227f7895228
SHA256 2d7ca3d75e390c6a68b15a1e917de5567f19bd3ccfe3bca0ba9de73ecce6fd14
SHA512 fb31f6f759edab0ee8d21b14b7925b0af889f579e250984e099e2cbd01cd83e7fca36a37cf6db10d29f2375357f1700f6cde8a57f9ae17fee775204e20a7cc39

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

MD5 0b1397a7aba086e84e1df964889f1205
SHA1 024dc459b897358265a463ec2366a40c34dcc29d
SHA256 5ba60395f8e944c12d46704d108f00e2c7a56167101233fac8081dab0c4bc715
SHA512 70647a1b9466053e8ad3f856f1c45d6a21ad023e47aae6ece4151befd43239c356cac1aebb2fdb22344b3dd09607aeb6709d5cd44dc05efbf0467974086b70dd

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

MD5 9d34d205adbe5780272ba81f95df4229
SHA1 e0d19b646225e02def1fa310612bee5ebc5ce76f
SHA256 364a54ba0a147057961e4340828bf2dce2c278e24361bb0a1001c6e8100dec9e
SHA512 c08f59416b64fea5053ccaca01671898508daf9d621dfb8071b2382b053ef15f8947d7bf1ccdc92321ed638abaf89787dcbfc7bf8298b63a220e97228c23c077

memory/4804-110-0x0000000074EA0000-0x0000000074FC5000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

MD5 84365155ffc3e864eba46fb712640d96
SHA1 9aedf21abb08ce74ec7eb2df1e7312c4799939b0
SHA256 d34426341d0850f1ca0067e6785feaa1773fb07fe9fd9ef1f3d1236df07f79e5
SHA512 307b3d7be43644306f462e63b4eed9deaba514c1e3bbf8070752ad69021570f1a31bc719c1799b850d18080588cfe2b052a3389e7cdb5daeb15f818feea15681

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

MD5 e98f595caa5ee23e8a3e46d83211da9d
SHA1 a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017
SHA256 df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a
SHA512 e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

memory/4804-113-0x0000000003800000-0x000000000388B000-memory.dmp

memory/4804-114-0x0000000001510000-0x0000000001511000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 c5dc102852ff5103b1608f9b3f1f5d94
SHA1 03f670ea4ce8f0b859b3625f72fd020ad4113c7b
SHA256 88c1e9997cdc38462c697ff1d42b75613b9346b9625e08978c77335f1ba63efe
SHA512 1c09989efd037ead5261d1323b08c0a1057a6ec9238efaeee926b60bb02984eb674d6d52dacfa0ebffc910e5174c3679ad092cc5c2b752b2d67c1d53336a7f3c

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 1f60cb8ccce403328fc3df6b51d64f7f
SHA1 e4d90723414d16f086f74d0dd7dc52aac07fa76a
SHA256 fce99709ea2345d11ccfdcf0d75210f1c3562c1b994cffa3725e3582c0b7aa33
SHA512 9666ad6a3cef7caf23ba9c400c90efd8a6b88577b9715f5885f7fdf3fd35e659ab441565a97c5923a25baee269087a86bade0f679e0180704a5af6efca08ca63

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

MD5 b38c9b2b76254fdf958769db2b9242a8
SHA1 b6374308a0338aac7509fc547e07908b98800625
SHA256 4dc4b7fcab02e7c53f69e5ec59eeff60be22bc1a7ccc7f0ef9828c9e3090fc91
SHA512 40d7bcc8f13a8a5f98843d10a92518e54279ed56ca010dddf5efe1a75c49703bc0bcdfa575e856adc0853cbd03b0ecf1ee0ff245671c0eed555ccc31ab6d2ef9

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

MD5 819b3ca01fca1dee00493a8a9c41d8ab
SHA1 3e5ecf4035e51c673800daed18d8c63948d2e919
SHA256 e8ff65b38667a0bf37e3bc6878d5ae19bd232a9e88c19993627e46942b7205de
SHA512 16d859155955840aa13041c4fc76d7aa1aa5bc7d1e728ca429841f2ecbffec9f10e29f16698633f9edc4f7715ef5e13014e1d38532fc079439f8afacd63488e5

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

MD5 37dd25d6bc0ef765d8c46fd70d134e37
SHA1 19510428f3d2398705687e0bd9a183ebebae4d6f
SHA256 9a75b0d07172f201d373d235025eb75e96627b75ff910a4c060b0c370536a560
SHA512 b925fd0791d0be28c9fb02e0c78ae4e8caa487e2a8d3ff9bd71e8e701406acf0652c195b985e9f209674dee83c94b447534f67c9b64f8569f517f0790e55c5b0

memory/4804-122-0x0000000003F60000-0x0000000003F61000-memory.dmp

memory/4804-123-0x00000000037D0000-0x00000000037D1000-memory.dmp

memory/4804-124-0x00000000014E0000-0x00000000014E1000-memory.dmp

\??\Volume{5a066776-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{5d2604e8-ed3d-4bb0-8c12-ebd158c7807d}_OnDiskSnapshotProp

MD5 4234aa19c17b39bd992e54803fbe722d
SHA1 f934992c8a4622aa86f29a03755bfa7b79c0cf57
SHA256 eb120cd59a58f2c09e90018415a8a59adce86de21ec016c3833d49dea29d3bc1
SHA512 169dd58151641acba7fad392d076511e2cd197af698f766ec75f084758316e42860cd09e2f9665f0947593a506576a7a7edf7234fdf7c793eea152a72a8342d4

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 c19db318823a83a43409ac329483d4df
SHA1 4819a619b9e1da1991e9a4b1f05c6a173b618599
SHA256 8ca5dda8c099a9a20e51d6674e7ad886c717acf7acda2e0b983c139808d2664b
SHA512 3b80284995b4ade86a477dd22848e4ff4426b67e01f3fdef30c4af7f1ec4bc12e663f6d59edab6ee2ee36d08b93a35fd5bac3d805eacc20936c11bd33900084f

memory/4804-127-0x0000000000400000-0x0000000000BAB000-memory.dmp

memory/4804-128-0x00000000011A0000-0x0000000001483000-memory.dmp

memory/4804-129-0x0000000073CB0000-0x00000000749D3000-memory.dmp

memory/4804-130-0x0000000000C90000-0x0000000000C94000-memory.dmp

memory/4804-131-0x0000000000E40000-0x0000000000E5E000-memory.dmp

memory/4804-132-0x0000000000C90000-0x0000000000C95000-memory.dmp

memory/4804-133-0x0000000001490000-0x00000000014A7000-memory.dmp

memory/4804-137-0x0000000001510000-0x0000000001511000-memory.dmp

memory/4804-141-0x0000000003F60000-0x0000000003F61000-memory.dmp