babadeda | cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

Analysis

max time kernel
138s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2024 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31012024_2156_CommunitySetup.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0003000000000745-115.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
812	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe
812	dsw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
7	1420	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI696E.tmp	msiexec.exe
File created	C:\Windows\Installer\e596356.msi	msiexec.exe
File created	C:\Windows\Installer\e596354.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e596354.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000003462af5746133e160000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800003462af570000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809003462af57000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d3462af57000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000003462af5700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4708	msiexec.exe
4708	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1420	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1420	msiexec.exe
Token: SeSecurityPrivilege	4708	msiexec.exe
Token: SeCreateTokenPrivilege	1420	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1420	msiexec.exe
Token: SeLockMemoryPrivilege	1420	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1420	msiexec.exe
Token: SeMachineAccountPrivilege	1420	msiexec.exe
Token: SeTcbPrivilege	1420	msiexec.exe
Token: SeSecurityPrivilege	1420	msiexec.exe
Token: SeTakeOwnershipPrivilege	1420	msiexec.exe
Token: SeLoadDriverPrivilege	1420	msiexec.exe
Token: SeSystemProfilePrivilege	1420	msiexec.exe
Token: SeSystemtimePrivilege	1420	msiexec.exe
Token: SeProfSingleProcessPrivilege	1420	msiexec.exe
Token: SeIncBasePriorityPrivilege	1420	msiexec.exe
Token: SeCreatePagefilePrivilege	1420	msiexec.exe
Token: SeCreatePermanentPrivilege	1420	msiexec.exe
Token: SeBackupPrivilege	1420	msiexec.exe
Token: SeRestorePrivilege	1420	msiexec.exe
Token: SeShutdownPrivilege	1420	msiexec.exe
Token: SeDebugPrivilege	1420	msiexec.exe
Token: SeAuditPrivilege	1420	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1420	msiexec.exe
Token: SeChangeNotifyPrivilege	1420	msiexec.exe
Token: SeRemoteShutdownPrivilege	1420	msiexec.exe
Token: SeUndockPrivilege	1420	msiexec.exe
Token: SeSyncAgentPrivilege	1420	msiexec.exe
Token: SeEnableDelegationPrivilege	1420	msiexec.exe
Token: SeManageVolumePrivilege	1420	msiexec.exe
Token: SeImpersonatePrivilege	1420	msiexec.exe
Token: SeCreateGlobalPrivilege	1420	msiexec.exe
Token: SeBackupPrivilege	4072	vssvc.exe
Token: SeRestorePrivilege	4072	vssvc.exe
Token: SeAuditPrivilege	4072	vssvc.exe
Token: SeBackupPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeBackupPrivilege	2916	srtasks.exe
Token: SeRestorePrivilege	2916	srtasks.exe
Token: SeSecurityPrivilege	2916	srtasks.exe
Token: SeTakeOwnershipPrivilege	2916	srtasks.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1420	msiexec.exe
1420	msiexec.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
812	dsw.exe
812	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 2916	4708	msiexec.exe	96
PID 4708 wrote to memory of 2916	4708	msiexec.exe	96
PID 4708 wrote to memory of 812	4708	msiexec.exe	98
PID 4708 wrote to memory of 812	4708	msiexec.exe	98
PID 4708 wrote to memory of 812	4708	msiexec.exe	98

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\31012024_2156_CommunitySetup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1420

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2916
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:812

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e596355.rbs

Filesize
12KB

MD5
0bdba05c4da4fa53e7f31e888944727b

SHA1
e234d1ae8593f6c41a228b5fc3a2f586469b10c3

SHA256
c75ebea54a225c4df2770d33c0fca707705c0b31a19fb619af29f53c00369d16

SHA512
9d1b826fd3df933454706d620a2f598ec5939cbbfeb065085d832941ebc6b3a57bce7f0103b65942abd503531b9cb7199c51f9f693f4c986b2bd9b1fd3d7294b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
5.2MB

MD5
a277c69bc722f41a3c65a7b44776ab64

SHA1
e8c21db7ea987c1e4394e5c97a1058f201b259f1

SHA256
9f33619e4e536071cba74d3d4ff4be83c7775497d014cd9202a9217881c9abb0

SHA512
0bbd018d6a6cc65ce15d33e920ec9e916f1aea9c1e64ac6d477bd1aa1f7272fb05e5e6dff96bb28505cf5e01efb2ad8725eef99ec4e075c778fbd6298d35075e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
12.9MB

MD5
438e94a331161185f536b61659d139dc

SHA1
440dde2a6b12019187e49e7d5af4daa8d3b5fa47

SHA256
12696df60e4252ae4d44c546ac709acb28341813c35125d2c66f1895c9e78539

SHA512
599ee201e6e1718d66074a99e50bbc0c95b8ce012d143da971ee8fd90fa03be5b739e690e3eb8148d98bedd7776d138409acfeb99601286500251fab4537aa4a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
3.2MB

MD5
b278fda5d580f8f7ca448567354e8737

SHA1
1761e7feec004f967b2d3e8b0efe97d622dc56e3

SHA256
f58f37417258a79f7f0485e903563e61fe2761594a51c2b9ab8b05a4f4cc1871

SHA512
ea871f5a64434ce788427565a014c32d00ff96a0e4d9870618190ade37f066e89f1db0d279972a9f3208952318fa6c0386d98b3d108af808b1c7c7bdca5f8f2c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
4.1MB

MD5
ddb07869ab419e25929751e89f5742af

SHA1
76573afadbe102f2fe1514ae92216b4a88e2f3f5

SHA256
508a24c3ed4a0332db91113205f459bd7333f5656f223b7fc9ba205c7647ca43

SHA512
ff66ee2c2651d77c2f38ac35cd213d02fb7c39d5bbab6a0fa3d10cf7bbc24cb747f6875182aeabc36e9329015e1a00c3df8790935a14b74c463484389f323858

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
4.9MB

MD5
b38c9b2b76254fdf958769db2b9242a8

SHA1
b6374308a0338aac7509fc547e07908b98800625

SHA256
4dc4b7fcab02e7c53f69e5ec59eeff60be22bc1a7ccc7f0ef9828c9e3090fc91

SHA512
40d7bcc8f13a8a5f98843d10a92518e54279ed56ca010dddf5efe1a75c49703bc0bcdfa575e856adc0853cbd03b0ecf1ee0ff245671c0eed555ccc31ab6d2ef9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
2.7MB

MD5
13142bb6f925a719b4b72e7bd4cfc14a

SHA1
a77f5ee0bf6eb2b3ef380b15cf3e0f2ff3b689da

SHA256
057b57a6f08e1334de783dfda243373aa7f58f81d00f4ffd05b9569c1fcca471

SHA512
939d2f0adc9c26395f89f1ffb1511bffbc79242817f91eb41e0965233e875b603a9133eaccef592f23f334c3243a27c3d5650c57848bab65c20927cf29ea318b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
1.1MB

MD5
658276a6bf6c17511f54254d56cd9022

SHA1
b9af3a23d41aa2bc2bf1f269e0deb8749896c584

SHA256
19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a

SHA512
4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
7.4MB

MD5
63c5b96b43e63c2fac1697fbe936e227

SHA1
898f30fc375882e977427cce521c88002146ddd9

SHA256
25051ff2c23b8efa5e2a9fc6226aca4975d7a6de165e1c0c04a7756469fc2c02

SHA512
b6495d6bebc3c73098826466786622fce587807dd3ea2978471db6aa2b05666c5bda5e9cc63686a2ace0def0e9f6115d05a79a28a27970ca9074fbffd7789416

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
1.2MB

MD5
eeb2c9f79926c1074703c378fb27215c

SHA1
df632ea453d0986aebb5961a7874c25426e5885b

SHA256
ba71994c06091dfdc0f1c51eda9e41be888224d165fc0d62d7d882384569600c

SHA512
0ffb563a20b1bf6659ae78d79fe28379e9560c91e4a258dd12046c4659aaf30772b1dcbd426466fee513f42711bc55c70f3f8c8f9ebfc533173b5e9cc3b80406

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
1.8MB

MD5
3978c2550c1e450c0b817854b69b3b82

SHA1
e0db6cb3d7182d16374db7fe6ce15ae7db3346db

SHA256
05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6

SHA512
164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

Download Submit
C:\Windows\Installer\e596354.msi

Filesize
15.2MB

MD5
608d584486e4b1ae0947e8afa3c7d684

SHA1
eecbd18b488c6ffa2e811c53f93e835348289b4e

SHA256
20cbb426257be79c84d691d88f1affce684f0c936a729992032b03948bb301ab

SHA512
112f5637e211b14082e3613aa7f99191b1151059f5bcb304d954349fb4f5522ef08978cdb274d4f99c4887ac4a219179b73548cf7593ce18b66dd314df3bcd5c

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
ec39ee484108996713578eb3f3d438fb

SHA1
b9f52ed16e207fa3845d05bd609a5a21da518c33

SHA256
483158242fdb96115e2d9e442d3768db8fe97ca77e2a915c887b15beeb75c643

SHA512
1945393e1c25a5ccadd4f5acaeef71b06662cbe8b0ffaa7d9da04bb7dfe8c523e23c1c2ac1b699afcf79eb25854ea123c09148bd74c18f1b8b75148630204d16

Download Submit
\??\Volume{57af6234-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d8035913-6d9e-40ed-9713-152d8276bd23}_OnDiskSnapshotProp

Filesize
6KB

MD5
f7b402e820a1f94c75e88983a921326a

SHA1
1c1fa971646a8f020e85b37746874af57298f475

SHA256
2f393f1921e1b8e8bf49081e82b53d0131c4caa3ab6f306e773caa477a79227e

SHA512
e53fafc41c1421fae82861def3638a7a6f8a452159b08f53ad9caf8a62eb775565c19f4b4c3a293ce497ecb6fb9c8e472f243a72948b55df26318e9d9dda879c

Download Submit
memory/812-98-0x0000000074DC0000-0x0000000074DF3000-memory.dmp

Filesize
204KB

Download
memory/812-92-0x0000000074D60000-0x0000000074D88000-memory.dmp

Filesize
160KB

Download
memory/812-99-0x0000000000D60000-0x0000000000D6E000-memory.dmp

Filesize
56KB

Download
memory/812-102-0x0000000074B10000-0x0000000074B1E000-memory.dmp

Filesize
56KB

Download
memory/812-103-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/812-107-0x0000000000D60000-0x0000000000D63000-memory.dmp

Filesize
12KB

Download
memory/812-109-0x0000000000D60000-0x0000000000D6D000-memory.dmp

Filesize
52KB

Download
memory/812-108-0x0000000074A00000-0x0000000074A24000-memory.dmp

Filesize
144KB

Download
memory/812-105-0x0000000002D90000-0x0000000002DA7000-memory.dmp

Filesize
92KB

Download
memory/812-104-0x0000000074A50000-0x0000000074A86000-memory.dmp

Filesize
216KB

Download
memory/812-94-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/812-96-0x0000000000D80000-0x0000000000D9E000-memory.dmp

Filesize
120KB

Download
memory/812-95-0x0000000074E00000-0x0000000074E9E000-memory.dmp

Filesize
632KB

Download
memory/812-91-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/812-118-0x00000000744C0000-0x00000000745E5000-memory.dmp

Filesize
1.1MB

Download
memory/812-83-0x00000000011D0000-0x00000000014B3000-memory.dmp

Filesize
2.9MB

Download
memory/812-90-0x0000000074DB0000-0x0000000074DBE000-memory.dmp

Filesize
56KB

Download
memory/812-120-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/812-87-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/812-86-0x0000000074EF0000-0x0000000074F3D000-memory.dmp

Filesize
308KB

Download
memory/812-124-0x0000000005680000-0x000000000570B000-memory.dmp

Filesize
556KB

Download
memory/812-130-0x0000000003F00000-0x0000000003F01000-memory.dmp

Filesize
4KB

Download
memory/812-131-0x0000000003F00000-0x0000000003F40000-memory.dmp

Filesize
256KB

Download
memory/812-132-0x0000000003F00000-0x0000000003F40000-memory.dmp

Filesize
256KB

Download
memory/812-133-0x0000000003F00000-0x0000000003F40000-memory.dmp

Filesize
256KB

Download
memory/812-134-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/812-135-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/812-136-0x0000000003F00000-0x0000000003F40000-memory.dmp

Filesize
256KB

Download
memory/812-137-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/812-138-0x00000000011D0000-0x00000000014B3000-memory.dmp

Filesize
2.9MB

Download
memory/812-139-0x00000000732D0000-0x0000000073FF3000-memory.dmp

Filesize
13.1MB

Download
memory/812-140-0x00000000744C0000-0x00000000745E5000-memory.dmp

Filesize
1.1MB

Download