babadeda | 91a2438e2f0b0572836b4e501bb22141c6908746b3891a41401a7276a03c1030

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0006000000023224-108.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
3068	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	1404	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI7290.tmp	msiexec.exe
File created	C:\Windows\Installer\e57713a.msi	msiexec.exe
File created	C:\Windows\Installer\e577138.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e577138.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000cdbedf05adb60d680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000cdbedf050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900cdbedf05000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dcdbedf05000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000cdbedf0500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2280	msiexec.exe
2280	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1404	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1404	msiexec.exe
Token: SeSecurityPrivilege	2280	msiexec.exe
Token: SeCreateTokenPrivilege	1404	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1404	msiexec.exe
Token: SeLockMemoryPrivilege	1404	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1404	msiexec.exe
Token: SeMachineAccountPrivilege	1404	msiexec.exe
Token: SeTcbPrivilege	1404	msiexec.exe
Token: SeSecurityPrivilege	1404	msiexec.exe
Token: SeTakeOwnershipPrivilege	1404	msiexec.exe
Token: SeLoadDriverPrivilege	1404	msiexec.exe
Token: SeSystemProfilePrivilege	1404	msiexec.exe
Token: SeSystemtimePrivilege	1404	msiexec.exe
Token: SeProfSingleProcessPrivilege	1404	msiexec.exe
Token: SeIncBasePriorityPrivilege	1404	msiexec.exe
Token: SeCreatePagefilePrivilege	1404	msiexec.exe
Token: SeCreatePermanentPrivilege	1404	msiexec.exe
Token: SeBackupPrivilege	1404	msiexec.exe
Token: SeRestorePrivilege	1404	msiexec.exe
Token: SeShutdownPrivilege	1404	msiexec.exe
Token: SeDebugPrivilege	1404	msiexec.exe
Token: SeAuditPrivilege	1404	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1404	msiexec.exe
Token: SeChangeNotifyPrivilege	1404	msiexec.exe
Token: SeRemoteShutdownPrivilege	1404	msiexec.exe
Token: SeUndockPrivilege	1404	msiexec.exe
Token: SeSyncAgentPrivilege	1404	msiexec.exe
Token: SeEnableDelegationPrivilege	1404	msiexec.exe
Token: SeManageVolumePrivilege	1404	msiexec.exe
Token: SeImpersonatePrivilege	1404	msiexec.exe
Token: SeCreateGlobalPrivilege	1404	msiexec.exe
Token: SeBackupPrivilege	2872	vssvc.exe
Token: SeRestorePrivilege	2872	vssvc.exe
Token: SeAuditPrivilege	2872	vssvc.exe
Token: SeBackupPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeBackupPrivilege	2328	srtasks.exe
Token: SeRestorePrivilege	2328	srtasks.exe
Token: SeSecurityPrivilege	2328	srtasks.exe
Token: SeTakeOwnershipPrivilege	2328	srtasks.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe
Token: SeTakeOwnershipPrivilege	2280	msiexec.exe
Token: SeRestorePrivilege	2280	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1404	msiexec.exe
1404	msiexec.exe
3068	dsw.exe
3068	dsw.exe
3068	dsw.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3068	dsw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3068	dsw.exe
3068	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2328	2280	msiexec.exe	97
PID 2280 wrote to memory of 2328	2280	msiexec.exe	97
PID 2280 wrote to memory of 3068	2280	msiexec.exe	99
PID 2280 wrote to memory of 3068	2280	msiexec.exe	99
PID 2280 wrote to memory of 3068	2280	msiexec.exe	99

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1404

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2328
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3068

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x50c
1⤵
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e577139.rbs

Filesize
12KB

MD5
555faba3770ececce7becd894d600c6e

SHA1
69bf9295a23cd1387fc0b44518a11600a956f1f4

SHA256
6f8d4820f52d7a693da27488409049b245900e3b21242a5c2b83c0ecfa9612e2

SHA512
349ca6efaeb5578842abde960c7d38408b56f336bf90878cf96eec83096e8e301e5f982499e093ac36c49a0a85028f105967a756a1293d5942cc67d07bf84579

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
552KB

MD5
091053f71156e239052b52f31e48248f

SHA1
1fa7c4ddac58f88f752ffc8a1425f7ccc06b2ed1

SHA256
2df6ea2b5df0054cb3b766bd479ffdfc081f6e1776af32bee34699466d6788b8

SHA512
629b471bb8cb311ad655671052f4016b11a5e30562557a0fb5eefb9df48ae2ddb424bf7fe1e7bc9f120a9ba2a44cfcf1b84c296516814a7f7b7959d27f279fd8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
672KB

MD5
14c6741545350231ee7e379fa5592fd9

SHA1
ecfb0ee4e1bd83c3b6ccda0da59d3a05b007b6ba

SHA256
949e11ded8ff99146d488cf4271d964e818fe339a772e2377dd6a57b6cbb9c55

SHA512
f3141d9326e8804a55ff51c9870cd515e20f0c6837e04da61fdd3400405a4b6ea2ef86501034a1740bb9549189f9a797a8c8eadf32e97fe231bc69cdb028ba22

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
429KB

MD5
b3da955657d44c8affa44c101d7f131a

SHA1
0e3eaa33d61d4549fb4725619f221dc5aa57391b

SHA256
cb940a98dc93762ccd81ae7a226e0dd2e92e45c1fa998715680918a798ef86fa

SHA512
60e4a41abc2dc2dba2e747121833dac59c571dfee2b00ed52244f8edd0ad9f2959623b2b46b9a0aea7934b295cd0068c9cd50e22f972b99494698d644d21bd04

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
911KB

MD5
88209a13c999a19bb5c17f5cbe997bc9

SHA1
6963783ef807c6c0f6f8304073f3a276b75ada5b

SHA256
c2b65335310a1cb9c086f3282c38534432bdbe322359513c8b7f7f9b7d9f8841

SHA512
656adaa3843860c501bdd9d2c653393e0426d6bbf40179393a6cd557e98406a354128535d4c5e4595f56e6ce69792855e9578f9d7da35ce9841c5618dae39ce6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
368KB

MD5
3ab43683e32bd3c4504da23e1e598c7e

SHA1
f4592ba1f0996a2a1062993423aab4c60b1a9b87

SHA256
c6f2ddcf3fc0f689b68ab80c22bf38a892e97d2c2d5b30cf51e17578dc649e51

SHA512
9105fc2163a36bfa5464ee675b333189bdcd88f3c32fe851eaa7d34aa850dceaae5e68fb9ca59b8f992543d87ce79a0fbf707d98dd09a907beab2064a390cd76

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
532KB

MD5
b5c4be51eddb6dcc707cb1f91eed6bd9

SHA1
0def17a411e5a96cde0cd683591deb71f8ee2392

SHA256
b64256bf3b1ec272668f5a23f5f3960497cb8808bd523e48dff740b0a4b58465

SHA512
8dbad335b3b939c9dcb620d87cf652144b7ac592ca407cf2d99f1a8e533e0e31af72ddd130167f50ea4fc308fd486f74868555accaffbcd60cb435571501f018

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
1.2MB

MD5
ad184d1c890c84cecbe635e12cb89625

SHA1
b8eaa33c96ab33dd2c00c9ce8dd2c09dac0ef1dd

SHA256
a25c1d1b7b7019f6057f46b4f6772e9db9cd3143c716abdd4e677b920b61d025

SHA512
f49dcd19bf84b12f7d5f75949776c66053015408e8cdb0dfc46896049225006ceb8580a72f8668b2e2b48d39cc748e2d0f5f6528be6b8d84b534f94105760634

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
1.0MB

MD5
2e2421726326ca4373f7aaf45b53b734

SHA1
4521ea343cc0a6220c2bb815bc4f3255c285a14e

SHA256
c328494c83785cbd83bed8c878eb49be8060539ce0b94da6431473888271d1f4

SHA512
4a7f75b317693259cb6f1925e3b794ef9a67df52b712e35de1c79595917a14e7d9f82babc8391fe49f31b72b1d71b4e3fa3ba17a6b743998340a5262d585b11c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
1.0MB

MD5
3ce6ca9446d768d0d3c02f8289dfd9c0

SHA1
05466b3b41d82d551418cb9177e67480d3685f35

SHA256
35acb04d0ad3525acb2bfefe1fba245e4082780a62c4f51c8ce6c833c4f5dc75

SHA512
491aabcb63f7f75074f91dae512cf304afe3038e73b3432c613b52e59dad3cb6cb6cb24e13f8a0d1d2117ed54281b042d4bce6c77f95ce1e71bd6a99afb58d81

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
603KB

MD5
caa12f0f363ca1c1a6cb385a4853d423

SHA1
e10fbff7cfe2b0fd91b6fbd6c152c3f00e848015

SHA256
3e8632dd79087684635900addb5f558249dded4602e333f4c0ce2c84474bfc22

SHA512
618f553a98409df34907bb22fe4112c833c071a0486212b84598bacac5c9aa33adf19d0d943c1109269793e5a631d9e6d931163e334192795f19a6f02793e926

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
471KB

MD5
e77465437daa81ff9b943d4e47b671e4

SHA1
5f3fe7c9ea262e9db3499098ae2f972ed8b9c596

SHA256
4b692bb512e96708e6d22dbde618382e4577074d3e9c7b028a7c16804b6eeafe

SHA512
9e4bbfb91671b28b0f87510987f29a66842eefe19e355480e400b13867f707451d471ab1fa2b7eaf54d2d224da86cbfc094c46775af96c7a39f9660040e5326b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
156KB

MD5
e05ae3eeca6aa42654b94e5f9eb4129f

SHA1
2178037101d99db10cc90f23a868a0f73093d23e

SHA256
f131aa3ea3fcd66d98854a8d522a88449e05cbdc7a5eaa8ea38a4967d4cad8e0

SHA512
a61424dc063a35476cd1436ed2fcd87663cf619a833b052ea3e8b1396b297e3375bfbb44fb801b46c0ea5e2636e490ae5e0d884c2eaeab2587608cd3f6cc8a67

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
128KB

MD5
335f904d10fa78c10e14ccca65430852

SHA1
f2e8e15ecc4b6de64211e7382631b16868eb5fcd

SHA256
cc5ab14a3a10d60f9eb5c1b79b249ec9dc34ebfb4357f4d9203889f8c46a8e5a

SHA512
565b3465ae56a13522098a413345350f01dce42c1d2e0f71f68817231ad2993c724b9307c3f0c2d7937eeef4644b661f8e4831f6ee819247c9f79c8d31a51b49

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
303KB

MD5
d9e05919ac42e223f6e6c9ca9da1bf56

SHA1
78b9854e7e104c219d565a9b27b1fc3863e82571

SHA256
2a65181c209b5b0a0f47ad0791cfac89e970f76ab638690528a32b86830e41a8

SHA512
99c1203887ebad495933399c22bc319a7a94ae2eedff79a9ee43721643f3253fa6acedf50a389a01cd3214bacbe6818de6e64db939510b271002fb82b882f157

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
395KB

MD5
4dc28e177906abcf9ac84c2652819036

SHA1
ea288fa3e013806b31a0de853940f216dd06379c

SHA256
65cd1f19805b4e7b1a20ae1f619d0b9cf2f04e382e113f305f62c91945cc1dc7

SHA512
59a2338ced27ee4c5d952b23e5978c4728bbc50224112837757fcfc26edfb053f3393069b1587b79e11e595ced040560d27bb824d4544e30c5928a67a07d13d5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
188KB

MD5
4a9486a0b055fb062920533b7ca6fbc6

SHA1
1110913f8a3cfe87cef5777ba1d26e1d92580bf1

SHA256
c5372dde9bc07e546cce59d90f8a07b004d1744a67930792b42c6cf652b8028b

SHA512
2a0207d1372332c4f7ee254703f99673576698f074df7f859db42fa48180bff78f461a417c7ddba12c246816bbf2653c2e243a3c821acedf421eecc8badee46d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
208KB

MD5
c13e306c752c8657ca8640f255eb1a2a

SHA1
9bd8b1ded0f00eb7693f69ef24073319da37501e

SHA256
c7901aef15d3d188c72c1a1e77641b1395b09d6c8e8b511360b3c1b625f7a4c3

SHA512
b4e9501af537cde16279ee7cad2210ac9db722e869081fad145d5eb45792f3bb46ce583afb11a3400156b569de0fd7917a5090b2900d476b44610217d360e123

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
520KB

MD5
487f8f4a34ae01884abeca289bd6511c

SHA1
13d43c059351b98976d4cbd1429753b3c3d2c47c

SHA256
05e827ad4f6bfc3ffb35bb9592d942e42e330974ee5a0bce6a032dd4745cea94

SHA512
ef19fe62ae05c6a68d6369399299e8316affcada03bb9e600340397ed00298c1014cf85c03770a3456d591dc44036169ef91120264e1bd422ff31f2735c8d003

Download Submit
C:\Windows\Installer\e577138.msi

Filesize
327KB

MD5
7f9a4afbdb2f9c717e639c92aa74796e

SHA1
4952c7631b6ed345d42a775d3d44af2d186175d2

SHA256
3c99dfebd2111ab1cc62dda5b16550799b3797e9ae7c6061e45867d7b89172c3

SHA512
9b1d65d41098b4334a8d7de224cdfdf28fee71f0211c9e52071abadd9fc7ea3be1c3d57cb622277080ec847b34fa11f2d887f732d07f411f8e49cfbe8d24d7b1

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
3.2MB

MD5
5d0768caf1fb32ab8e0e41c88648f390

SHA1
d449b121eb84d41331881350e8b607d66c2b3e08

SHA256
ebf01549c76007a0d7d3dfd1d31217a54e5a1477e62bb33defa691a0b2295626

SHA512
9f659ffc640cf9f59abebe13444f276a7a6e088db05bc71f9d1d0d1d466e1cc969b57cb56dd93d899d77854e986ea44e280ed05de6a9bd2e11f09aa95b9510bc

Download Submit
\??\Volume{05dfbecd-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{5ae1a925-89b5-49d0-a5dc-742713475fca}_OnDiskSnapshotProp

Filesize
6KB

MD5
b2b70813296baaf7ff717b3293d77c27

SHA1
6f4b16bd7a51c20629a916f6c5a4d616acccbe08

SHA256
79eacae834379a9fe76ff5f46f44cd260c113c5bdd5f689bb7ad3e72a0c07304

SHA512
2e60b1016a5adf468400897a7dda2f99d35e34837fa18573deb8d195c630fe46c63a2a74cd441cae828859658b0f95c0bcbd8197b2188393299feacbdf49438d

Download Submit
memory/3068-100-0x0000000002C40000-0x0000000002C57000-memory.dmp

Filesize
92KB

Download
memory/3068-89-0x0000000075780000-0x000000007581E000-memory.dmp

Filesize
632KB

Download
memory/3068-122-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/3068-117-0x0000000003C50000-0x0000000003CDB000-memory.dmp

Filesize
556KB

Download
memory/3068-111-0x0000000074E60000-0x0000000074F85000-memory.dmp

Filesize
1.1MB

Download
memory/3068-79-0x00000000011B0000-0x0000000001493000-memory.dmp

Filesize
2.9MB

Download
memory/3068-93-0x0000000000D70000-0x0000000000D7E000-memory.dmp

Filesize
56KB

Download
memory/3068-97-0x0000000000D70000-0x0000000000D7E000-memory.dmp

Filesize
56KB

Download
memory/3068-102-0x0000000000D70000-0x0000000000D7D000-memory.dmp

Filesize
52KB

Download
memory/3068-101-0x00000000753E0000-0x0000000075404000-memory.dmp

Filesize
144KB

Download
memory/3068-98-0x00000000753A0000-0x00000000753D6000-memory.dmp

Filesize
216KB

Download
memory/3068-96-0x0000000075700000-0x000000007570E000-memory.dmp

Filesize
56KB

Download
memory/3068-91-0x0000000000D70000-0x0000000000D8D000-memory.dmp

Filesize
116KB

Download
memory/3068-113-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/3068-92-0x0000000075710000-0x0000000075743000-memory.dmp

Filesize
204KB

Download
memory/3068-85-0x0000000000D70000-0x0000000000D8D000-memory.dmp

Filesize
116KB

Download
memory/3068-86-0x00000000756D0000-0x00000000756DE000-memory.dmp

Filesize
56KB

Download
memory/3068-87-0x0000000075750000-0x0000000075778000-memory.dmp

Filesize
160KB

Download
memory/3068-82-0x0000000075890000-0x00000000758DD000-memory.dmp

Filesize
308KB

Download
memory/3068-125-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

Filesize
4KB

Download
memory/3068-124-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/3068-127-0x00000000011B0000-0x0000000001493000-memory.dmp

Filesize
2.9MB

Download
memory/3068-126-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/3068-128-0x0000000073C70000-0x0000000074993000-memory.dmp

Filesize
13.1MB

Download
memory/3068-129-0x0000000074E60000-0x0000000074F85000-memory.dmp

Filesize
1.1MB

Download