babadeda | 91a2438e2f0b0572836b4e501bb22141c6908746b3891a41401a7276a03c1030

Analysis

max time kernel
137s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral1/files/0x0006000000023177-122.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
2156	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe
2156	dsw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	4476	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e590538.msi	msiexec.exe
File created	C:\Windows\Installer\e590536.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e590536.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9E9.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003462af5746133e160000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003462af570000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003462af57000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3462af57000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003462af5700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4844	msiexec.exe
4844	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4476	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4476	msiexec.exe
Token: SeSecurityPrivilege	4844	msiexec.exe
Token: SeCreateTokenPrivilege	4476	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4476	msiexec.exe
Token: SeLockMemoryPrivilege	4476	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4476	msiexec.exe
Token: SeMachineAccountPrivilege	4476	msiexec.exe
Token: SeTcbPrivilege	4476	msiexec.exe
Token: SeSecurityPrivilege	4476	msiexec.exe
Token: SeTakeOwnershipPrivilege	4476	msiexec.exe
Token: SeLoadDriverPrivilege	4476	msiexec.exe
Token: SeSystemProfilePrivilege	4476	msiexec.exe
Token: SeSystemtimePrivilege	4476	msiexec.exe
Token: SeProfSingleProcessPrivilege	4476	msiexec.exe
Token: SeIncBasePriorityPrivilege	4476	msiexec.exe
Token: SeCreatePagefilePrivilege	4476	msiexec.exe
Token: SeCreatePermanentPrivilege	4476	msiexec.exe
Token: SeBackupPrivilege	4476	msiexec.exe
Token: SeRestorePrivilege	4476	msiexec.exe
Token: SeShutdownPrivilege	4476	msiexec.exe
Token: SeDebugPrivilege	4476	msiexec.exe
Token: SeAuditPrivilege	4476	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4476	msiexec.exe
Token: SeChangeNotifyPrivilege	4476	msiexec.exe
Token: SeRemoteShutdownPrivilege	4476	msiexec.exe
Token: SeUndockPrivilege	4476	msiexec.exe
Token: SeSyncAgentPrivilege	4476	msiexec.exe
Token: SeEnableDelegationPrivilege	4476	msiexec.exe
Token: SeManageVolumePrivilege	4476	msiexec.exe
Token: SeImpersonatePrivilege	4476	msiexec.exe
Token: SeCreateGlobalPrivilege	4476	msiexec.exe
Token: SeBackupPrivilege	3356	vssvc.exe
Token: SeRestorePrivilege	3356	vssvc.exe
Token: SeAuditPrivilege	3356	vssvc.exe
Token: SeBackupPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeBackupPrivilege	2168	srtasks.exe
Token: SeRestorePrivilege	2168	srtasks.exe
Token: SeSecurityPrivilege	2168	srtasks.exe
Token: SeTakeOwnershipPrivilege	2168	srtasks.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe
Token: SeTakeOwnershipPrivilege	4844	msiexec.exe
Token: SeRestorePrivilege	4844	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4476	msiexec.exe
4476	msiexec.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2156	dsw.exe
2156	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 2168	4844	msiexec.exe	97
PID 4844 wrote to memory of 2168	4844	msiexec.exe	97
PID 4844 wrote to memory of 2156	4844	msiexec.exe	99
PID 4844 wrote to memory of 2156	4844	msiexec.exe	99
PID 4844 wrote to memory of 2156	4844	msiexec.exe	99

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4476

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2168
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2156

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e590537.rbs

Filesize
12KB

MD5
34d7e45ea0c3e388662f93fd2e36db89

SHA1
323d9da670bb9d3cf2d1a02c30530dfb824bc98d

SHA256
4e14985d424b401ee4af057f07894d0bd6ec27539a69b2ff43b58902a8a80ab3

SHA512
b4a53f674708e1ef229e5ebafcb72a798382e364b4f08f59da62dfcaec73143aa08339c126661fb771af2d41dde47cd8db945274d8ea4c9eaffe7d158f117277

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
3.2MB

MD5
c270b14c624eb5f9e4f24f1f69b1109a

SHA1
af143c44a68023c9e5d600fa81420b7f9b3aa8d8

SHA256
883cc6c59ec2e9927465ecdf43bd2b99af6b13dfdbc95bef803b90a55f60c17b

SHA512
979a512391504681a7d4163563aaf1f3075f59acbdeb1c6633b5972513d8ec8e0dac94e2b26ecc78818a440ee7a8f5f514aef7dcb7cda7485e9614bf6b1bc8d7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
2.1MB

MD5
ef418b636f4e9e9531bc2c3ee43cd4cd

SHA1
56057c5497cad7f8f669724de7174da1311fa50a

SHA256
99ce8a37d8e0e5035fd4debad399a4c48dbd69268a4aab3de0d1ea4649412ba7

SHA512
76b1f6d30f365d5f251f903f1a2f0164870ba4730afc8bf2f30715b91ef0f35d946bd471c12c6ba4f9b92eef9353cedaf290bea73d974ef4851d65a14ad651dc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
5.7MB

MD5
33082bf128b1700be41bbc0377520abb

SHA1
b8aa3500d08ed31cdb13313311496e6e706967f3

SHA256
f5914cf345f20177203e72987eca4a442ddd50934eb6273aa433c177e9640a41

SHA512
f513af6cdc480a4e0963976618ffa95763960311e257478fcb06b0210ab12704e53d5bccdf1d9331481acc10b819661c5c36df62d69610aa206678da302a5251

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
3.8MB

MD5
38fe48beece24ad43a45835625ba38f0

SHA1
74458c28e80a1c36b34aff5bb2f3a40ecdec7c48

SHA256
278a7e824bf99b6104134e11e9ef8bdc3401d0ad808d334a3bee4d1aec72b3ce

SHA512
fef3e47560f4f0f78bf4cf76d13d5c9baa588b592089cdce350f985d783ac07e380fa78a166fcb461bfacc1bc24ed615fff93efb4c63af2fedf6af12cf4c2cd8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
2.2MB

MD5
2f40e83d15b51a6899b6aeee459acfe8

SHA1
e4ecdf3e8894775b38bea6f8a5694be30fd7981c

SHA256
600230d229c78ad4d328a7ac40abe90377c07739296ac933a1e5bfa5d672a012

SHA512
4e184d5eb21f28e1fb53b32dd3958206ea3e34bbc56aaa1693aaec607046abc66536ebcda1478b1b004ccc087b8a02638fa9d74beaff44f372e62b744a81df88

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
640KB

MD5
0816e9db0b8b31eeb85c81a3789d7a94

SHA1
e4206b72eab9a35c0869808fb07ef2d179d39743

SHA256
667cc8ac149577d50d7f38d83f54258cd0667b2079d793ba92a8577641606c05

SHA512
c864e64f56e8ef0aea81d78726a02049de904d4bf85563c84308fc3c6c22ff677fc9d145e02ba46b0d84f167b622af3009dffe93b927b497034a34ae85c8eb8f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
960KB

MD5
962225ec9aa729282c26b0afd19d1ece

SHA1
8e7893716065b32affb2b35ed58d18dc52063ba4

SHA256
fa0ce8571a642a33f56a465f7ad47e333003f22ac83f3e8c2ab397d6aca31474

SHA512
a1e0ad4338af6c25cf5e1d51ae4a1320acbc25f775a3f41b0125fb2c6925a4f79525c533181357a559c7fe08ac15c223cd002216b0c2c48e2e87c71209cbaa43

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
896KB

MD5
a6f5a2285d723d4648b6864a4de09d94

SHA1
6570edff51b457439c9722a8dec60550587e25bc

SHA256
8063432cbf99ef16d2cbed153610b1cf615e1783d3236dad76d0964b35d3f72a

SHA512
aabebd72796d590bac0bfafc81eb95c0ecdf7c4a3d983b2254cd52950f40bbfd5419d8954c20365bc883f1e26d28e091f4b36c239a580ce05efdf4d647597fc1

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
1.1MB

MD5
658276a6bf6c17511f54254d56cd9022

SHA1
b9af3a23d41aa2bc2bf1f269e0deb8749896c584

SHA256
19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a

SHA512
4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
2.9MB

MD5
82cb6c147ac404315b9cd99e9236171d

SHA1
75d7875d78361fe6bb5c068bfa65993ac46742c7

SHA256
72628b1d4f34ff6b2c933fdaa08e155ac4b7c1248ba9bcea314bee87d440afd6

SHA512
e6472b68376602d53a062a1b9d99157d0490396925a4fca28c50bafc178a39c51ae6eaa62bb7cf2fa71f84b5c8b03e6ef3eaa720771094c5826eeff1f3a07db7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
7.4MB

MD5
63c5b96b43e63c2fac1697fbe936e227

SHA1
898f30fc375882e977427cce521c88002146ddd9

SHA256
25051ff2c23b8efa5e2a9fc6226aca4975d7a6de165e1c0c04a7756469fc2c02

SHA512
b6495d6bebc3c73098826466786622fce587807dd3ea2978471db6aa2b05666c5bda5e9cc63686a2ace0def0e9f6115d05a79a28a27970ca9074fbffd7789416

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
768KB

MD5
b6b5d8b10b1c4ea726d9eb84e419e8fe

SHA1
8b8fafc8d6e87925b2da6d184fb8424669aebbc8

SHA256
a201b8ee882c6591f0e467daeea788c79ee98e319dc43c8b417781df38871bc6

SHA512
4e0aa7bd4327d2fabb7968a20a84f8583d4ac825beebf8d8c95ad5b326dd5fe3dbc8f08d431f01cde63370b57c99aee97cb9f664457fe5e365eb02cd3c07380d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
832KB

MD5
089ac62372bcfe59003ef0bf5b6542ca

SHA1
547ba2d58a12e856237a418d35b3e2e10156ad2a

SHA256
19e5896e00e797d553d991ad055ce521ccb5066fe67e6e12b873e37a349e9bef

SHA512
a7161ffdc598778d3718d5587c7f66b6a5cfdcf70622e996b27ae1017a65ed12006b3e26042d2f925227d4f27a6012c55fdc052219b85017f195007bc32ce0a6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
1.8MB

MD5
3978c2550c1e450c0b817854b69b3b82

SHA1
e0db6cb3d7182d16374db7fe6ce15ae7db3346db

SHA256
05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6

SHA512
164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

Download Submit
C:\Windows\Installer\e590536.msi

Filesize
9.4MB

MD5
5e4c627f78cfdaf70aac43ab91a6b4ef

SHA1
17fa233845f193abaf9e45468981e6f6da2cf948

SHA256
df72c5d1b7cbd4979ab00c6aba17d7b72c25bd010d042420f8e1636f02e1cd43

SHA512
2e453422770a7b91df15e1b5750d84340c970b7c576e89c5053b8961bb8a353a33f28a6c12b3eeeb58de4feb184ff63c8372799f3b8d6e633ea7271ee0f5557b

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
95161f7d117c7f91cd7ce40662e5305b

SHA1
cab56a96f4300d0b77282eebbd8254c31a4c37cf

SHA256
6e2ce6238817c9cfb3d80ea612c66279bda09571b3921e86e6263b43d38e866e

SHA512
8321a919aa5dc7525edb06aac63bd3c36a773c6acdb8ff309654362c5b7ccceebe7ebd93ccb8339771b195832809755c9760ba5faec864b3cc2f7dbca7c7cfae

Download Submit
\??\Volume{57af6234-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e1513828-76f1-4001-989f-bea9138cc01c}_OnDiskSnapshotProp

Filesize
6KB

MD5
f22315e7968d65e56411efb9a6a6cf8e

SHA1
e2be9f7022fc15fd1aa976679d7b6f9f3cc5e7de

SHA256
bf88a3b897218daecbc6642de04972d7dcbceaa9a0f3b7ee65a4c7df95bb9a17

SHA512
67b0fb62116fca451c2a39e53201fcf26adb1d8ca04adcd778f9a81b46bc102f789e8832fffcb6e2d71dad8c6d008326089c5a11e06f5db898f6a1426d6300ed

Download Submit
memory/2156-109-0x00000000752C0000-0x00000000752CE000-memory.dmp

Filesize
56KB

Download
memory/2156-143-0x0000000074A00000-0x0000000074B25000-memory.dmp

Filesize
1.1MB

Download
memory/2156-90-0x0000000001170000-0x0000000001453000-memory.dmp

Filesize
2.9MB

Download
memory/2156-104-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/2156-106-0x0000000000D60000-0x0000000000D6E000-memory.dmp

Filesize
56KB

Download
memory/2156-99-0x0000000075290000-0x00000000752B8000-memory.dmp

Filesize
160KB

Download
memory/2156-110-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/2156-111-0x0000000074F90000-0x0000000074FC6000-memory.dmp

Filesize
216KB

Download
memory/2156-115-0x0000000074F60000-0x0000000074F84000-memory.dmp

Filesize
144KB

Download
memory/2156-114-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/2156-117-0x0000000000D60000-0x0000000000D6D000-memory.dmp

Filesize
52KB

Download
memory/2156-113-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/2156-95-0x0000000001460000-0x000000000147D000-memory.dmp

Filesize
116KB

Download
memory/2156-93-0x0000000075400000-0x000000007544D000-memory.dmp

Filesize
308KB

Download
memory/2156-105-0x0000000075300000-0x0000000075333000-memory.dmp

Filesize
204KB

Download
memory/2156-125-0x0000000074A00000-0x0000000074B25000-memory.dmp

Filesize
1.1MB

Download
memory/2156-102-0x0000000075340000-0x00000000753DE000-memory.dmp

Filesize
632KB

Download
memory/2156-142-0x0000000073810000-0x0000000074533000-memory.dmp

Filesize
13.1MB

Download
memory/2156-101-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/2156-129-0x0000000003800000-0x000000000388B000-memory.dmp

Filesize
556KB

Download
memory/2156-128-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2156-97-0x00000000752D0000-0x00000000752DE000-memory.dmp

Filesize
56KB

Download
memory/2156-98-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/2156-136-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/2156-137-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2156-141-0x0000000001170000-0x0000000001453000-memory.dmp

Filesize
2.9MB

Download
memory/2156-139-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2156-140-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/4476-15-0x0000029C39200000-0x0000029C39299000-memory.dmp

Filesize
612KB

Download
memory/4476-67-0x0000029C39200000-0x0000029C39299000-memory.dmp

Filesize
612KB

Download
memory/4476-4-0x0000029C39200000-0x0000029C39299000-memory.dmp

Filesize
612KB

Download