babadeda | cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0006000000023151-114.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
556	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	2340	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e58a36f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58a36f.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA728.tmp	msiexec.exe
File created	C:\Windows\Installer\e58a371.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3476	556	WerFault.exe	99

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003462af5746133e160000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003462af570000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003462af57000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3462af57000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003462af5700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4544	msiexec.exe
4544	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2340	msiexec.exe
Token: SeSecurityPrivilege	4544	msiexec.exe
Token: SeCreateTokenPrivilege	2340	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2340	msiexec.exe
Token: SeLockMemoryPrivilege	2340	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2340	msiexec.exe
Token: SeMachineAccountPrivilege	2340	msiexec.exe
Token: SeTcbPrivilege	2340	msiexec.exe
Token: SeSecurityPrivilege	2340	msiexec.exe
Token: SeTakeOwnershipPrivilege	2340	msiexec.exe
Token: SeLoadDriverPrivilege	2340	msiexec.exe
Token: SeSystemProfilePrivilege	2340	msiexec.exe
Token: SeSystemtimePrivilege	2340	msiexec.exe
Token: SeProfSingleProcessPrivilege	2340	msiexec.exe
Token: SeIncBasePriorityPrivilege	2340	msiexec.exe
Token: SeCreatePagefilePrivilege	2340	msiexec.exe
Token: SeCreatePermanentPrivilege	2340	msiexec.exe
Token: SeBackupPrivilege	2340	msiexec.exe
Token: SeRestorePrivilege	2340	msiexec.exe
Token: SeShutdownPrivilege	2340	msiexec.exe
Token: SeDebugPrivilege	2340	msiexec.exe
Token: SeAuditPrivilege	2340	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2340	msiexec.exe
Token: SeChangeNotifyPrivilege	2340	msiexec.exe
Token: SeRemoteShutdownPrivilege	2340	msiexec.exe
Token: SeUndockPrivilege	2340	msiexec.exe
Token: SeSyncAgentPrivilege	2340	msiexec.exe
Token: SeEnableDelegationPrivilege	2340	msiexec.exe
Token: SeManageVolumePrivilege	2340	msiexec.exe
Token: SeImpersonatePrivilege	2340	msiexec.exe
Token: SeCreateGlobalPrivilege	2340	msiexec.exe
Token: SeBackupPrivilege	3380	vssvc.exe
Token: SeRestorePrivilege	3380	vssvc.exe
Token: SeAuditPrivilege	3380	vssvc.exe
Token: SeBackupPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeBackupPrivilege	1004	srtasks.exe
Token: SeRestorePrivilege	1004	srtasks.exe
Token: SeSecurityPrivilege	1004	srtasks.exe
Token: SeTakeOwnershipPrivilege	1004	srtasks.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe
Token: SeTakeOwnershipPrivilege	4544	msiexec.exe
Token: SeRestorePrivilege	4544	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2340	msiexec.exe
2340	msiexec.exe
556	dsw.exe
556	dsw.exe
556	dsw.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
556	dsw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
556	dsw.exe
556	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 1004	4544	msiexec.exe	97
PID 4544 wrote to memory of 1004	4544	msiexec.exe	97
PID 4544 wrote to memory of 556	4544	msiexec.exe	99
PID 4544 wrote to memory of 556	4544	msiexec.exe	99
PID 4544 wrote to memory of 556	4544	msiexec.exe	99

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2340

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1004
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:556
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 2092
    3⤵
    - Program crash
    PID:3476

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x14c 0x4a0
1⤵
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 556 -ip 556
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58a370.rbs

Filesize
12KB

MD5
0c3079a6cb67e993313542aeabc9c80f

SHA1
699d635534b7876ef7dc8868da1f4f6d3b6e4c62

SHA256
5728bc0fa255341ecdb95ada079cc4641368078d796aa1d7c4eca5459fe6b6e0

SHA512
0df4175019863382852f5658012678356e78ca8176e9c892e3a120971355ab7c0653162e20056bb0a6de84d34a1f3aef73f2db9fdd8412ab7b82de2d9fc259b3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
4.2MB

MD5
097fc344ea333423fcdcfd0d37a1dc10

SHA1
8e3f16393c06e97fa210939120ceb16a85692f54

SHA256
2a92d6352d375eb2cd52a1ebb8c6d730921c616af151c249cde4539e540a8adc

SHA512
a469a81ad49c226dca46524ac6cad5568a0d25be49126099540a4c7c4f4a19495f8caa34de67e00ba7148c2bfd87ac0be352978e04fd60a8bfdf6f349f55f295

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
5.6MB

MD5
c2e2cbdcbc59ee994a881dc3ef9d6042

SHA1
6cbd0f1ef81f810fe5ecb059e83f5f57f5e38387

SHA256
7cfba06915e2c7e616fed5af0d68d30ca68c2d5bc9167435e4720b6bcfd37a9c

SHA512
d1c477afca72e770a3be4c3dfa6f7bd1399edfe003874549c0d7bfada2f6fa9b7ab658495b482a1e9240f03d8008df85ce2c599dd22d760bbadcaffbe27378a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
5.7MB

MD5
33082bf128b1700be41bbc0377520abb

SHA1
b8aa3500d08ed31cdb13313311496e6e706967f3

SHA256
f5914cf345f20177203e72987eca4a442ddd50934eb6273aa433c177e9640a41

SHA512
f513af6cdc480a4e0963976618ffa95763960311e257478fcb06b0210ab12704e53d5bccdf1d9331481acc10b819661c5c36df62d69610aa206678da302a5251

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
4.9MB

MD5
b38c9b2b76254fdf958769db2b9242a8

SHA1
b6374308a0338aac7509fc547e07908b98800625

SHA256
4dc4b7fcab02e7c53f69e5ec59eeff60be22bc1a7ccc7f0ef9828c9e3090fc91

SHA512
40d7bcc8f13a8a5f98843d10a92518e54279ed56ca010dddf5efe1a75c49703bc0bcdfa575e856adc0853cbd03b0ecf1ee0ff245671c0eed555ccc31ab6d2ef9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
1.7MB

MD5
47681c933286ed283379ad0adff34dc0

SHA1
ca6b34d8dff2aca58b3441551fce555bb02e9cd2

SHA256
d657ac84549b0e80635ef53c8dbd3af7884a0af9f18f2123e177e3e57a5e70a2

SHA512
5e4c3edc72162e3bc7023bcee5100201dd572b3d3b5895cd2adaa897d5433f09c79c187a52f10bcf8888fc063fbe4e46318cc135d06424ce9f6b47cdbd812ca4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
1.1MB

MD5
dd6906c41746336419878e886f8a0012

SHA1
9f5aedcfacb3669c0878fd45c81e82bdc83a3514

SHA256
ca74870c9f9eb2cffa81f92269db9503cac15ef09e47d9f42243f47859b6606d

SHA512
0ee624c269a005f920537c12d7b5ba05f57ce6a7ad0c6fa4846d0590282cd25a9abdd704e57a4cc124e0d99bb9c92e5963603ce766e4911e4f20cdc3ec6c79ac

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
192KB

MD5
079f5b210c15e3983be3506305f999c4

SHA1
0d80a02229230edfd249a59e35c17a2f0b1fb567

SHA256
4a3c06c473d27f647ba3c3fa9f9c3c2a33c90a6e10128152368e178fce7df11e

SHA512
7ac1d43ef78e3d6b91511941564fb56982badab3b7685e67bad870a345e28a21d8abdfa934eb05ae34ba975f90e073623ce57feba2b8c14a912885d8dde40828

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
1.1MB

MD5
658276a6bf6c17511f54254d56cd9022

SHA1
b9af3a23d41aa2bc2bf1f269e0deb8749896c584

SHA256
19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a

SHA512
4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
7.4MB

MD5
63c5b96b43e63c2fac1697fbe936e227

SHA1
898f30fc375882e977427cce521c88002146ddd9

SHA256
25051ff2c23b8efa5e2a9fc6226aca4975d7a6de165e1c0c04a7756469fc2c02

SHA512
b6495d6bebc3c73098826466786622fce587807dd3ea2978471db6aa2b05666c5bda5e9cc63686a2ace0def0e9f6115d05a79a28a27970ca9074fbffd7789416

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
640KB

MD5
8ebffbb76e14ff2a1114080e4333df6b

SHA1
298648cc7f65dd8a1e4c998da87ad7182cffd6b9

SHA256
03285388052cc1d10933dc5a162913f3d70cf3d77abda58e4674877588ffb949

SHA512
abe369758303b6920a3207c7ae6c4035cbc702eb6e4d6eb42bca97151a81f96cdb73b27638b063db44cda519ae01be9cac86570a3d017ac00df6b9b3d495c4a7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
1.8MB

MD5
3978c2550c1e450c0b817854b69b3b82

SHA1
e0db6cb3d7182d16374db7fe6ce15ae7db3346db

SHA256
05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6

SHA512
164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

Download Submit
C:\Windows\Installer\e58a36f.msi

Filesize
13.8MB

MD5
f30af07229bf1ad773dbca5a79c25d91

SHA1
53c803904c1650a2a365ffab080b70ae6f810baf

SHA256
d42d812382924af5a414e99beb34d853f02b097805bdfd00ad26519efa0ce30e

SHA512
a489d85c7fff9c189b4a82a71d71d624c9d23b02392e7bc9fb8763fd3522f861b6ef9c213e76242ce4306c156059e6d02d54c8799ca4a8790af30cd6d575a841

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
fbf69266cc7c9c38762edb18d7a9997a

SHA1
b30cfa5f3bb6c0f663d5ffbfd6ccabcca976ca45

SHA256
c25ee7cdc4ba5d3608692823f516f35a8581890058f938c79a923170c2517f1d

SHA512
64c20ee0974cd48dd68dad039ea6824bcfa6404320572254f7ed65f1724c38e74b5b0007e15fc3da8912b7fe689eb6386d99aa0fabb71b62b93d6c096c5d3375

Download Submit
\??\Volume{57af6234-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2331ac07-b19a-4199-bd47-feab017e6153}_OnDiskSnapshotProp

Filesize
6KB

MD5
f541b03086d9d36c04ed9ba436da7632

SHA1
a2b48aeec2ac1fed030e60f9f5f65fe980029194

SHA256
12c7227a640fa0fa046b9eaa72c03dfd0925065f83bf54caa50c57bc52affabd

SHA512
1db479decf3ebcc157f8c9987ced0a73166b87142ed99cb82fbc2b1347e38cd21cf6eddba031491d226ccf52ea97147ace7fd0656144483472fbc901f3c78ff5

Download Submit
memory/556-96-0x0000000074F00000-0x0000000074F9E000-memory.dmp

Filesize
632KB

Download
memory/556-91-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/556-99-0x0000000074EC0000-0x0000000074EF3000-memory.dmp

Filesize
204KB

Download
memory/556-98-0x0000000000D60000-0x0000000000D6E000-memory.dmp

Filesize
56KB

Download
memory/556-102-0x0000000074EB0000-0x0000000074EBE000-memory.dmp

Filesize
56KB

Download
memory/556-103-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/556-104-0x0000000074B40000-0x0000000074B76000-memory.dmp

Filesize
216KB

Download
memory/556-106-0x0000000000DA0000-0x0000000000DB7000-memory.dmp

Filesize
92KB

Download
memory/556-107-0x0000000074B80000-0x0000000074BA4000-memory.dmp

Filesize
144KB

Download
memory/556-109-0x0000000000D60000-0x0000000000D6D000-memory.dmp

Filesize
52KB

Download
memory/556-83-0x00000000011F0000-0x00000000014D3000-memory.dmp

Filesize
2.9MB

Download
memory/556-92-0x0000000074FA0000-0x0000000074FC8000-memory.dmp

Filesize
160KB

Download
memory/556-93-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/556-95-0x0000000000D80000-0x0000000000D9E000-memory.dmp

Filesize
120KB

Download
memory/556-117-0x0000000074600000-0x0000000074725000-memory.dmp

Filesize
1.1MB

Download
memory/556-90-0x0000000074FD0000-0x0000000074FDE000-memory.dmp

Filesize
56KB

Download
memory/556-86-0x0000000075000000-0x000000007504D000-memory.dmp

Filesize
308KB

Download
memory/556-88-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/556-122-0x0000000003040000-0x0000000003041000-memory.dmp

Filesize
4KB

Download
memory/556-123-0x0000000003DD0000-0x0000000003E5B000-memory.dmp

Filesize
556KB

Download
memory/556-128-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/556-129-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/556-130-0x0000000003040000-0x0000000003041000-memory.dmp

Filesize
4KB

Download
memory/556-132-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/556-133-0x00000000011F0000-0x00000000014D3000-memory.dmp

Filesize
2.9MB

Download
memory/556-134-0x0000000073410000-0x0000000074133000-memory.dmp

Filesize
13.1MB

Download
memory/556-138-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/556-139-0x0000000074600000-0x0000000074725000-memory.dmp

Filesize
1.1MB

Download