babadeda | cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CommunitySetup.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000002321a-108.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
4916	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	4692	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7BA8.tmp	msiexec.exe
File created	C:\Windows\Installer\e577a04.msi	msiexec.exe
File created	C:\Windows\Installer\e577a02.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e577a02.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b201ae15c8733f580000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b201ae150000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b201ae15000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db201ae15000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b201ae1500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1292	msiexec.exe
1292	msiexec.exe
1292	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4692	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4692	msiexec.exe
Token: SeSecurityPrivilege	1292	msiexec.exe
Token: SeCreateTokenPrivilege	4692	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4692	msiexec.exe
Token: SeLockMemoryPrivilege	4692	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4692	msiexec.exe
Token: SeMachineAccountPrivilege	4692	msiexec.exe
Token: SeTcbPrivilege	4692	msiexec.exe
Token: SeSecurityPrivilege	4692	msiexec.exe
Token: SeTakeOwnershipPrivilege	4692	msiexec.exe
Token: SeLoadDriverPrivilege	4692	msiexec.exe
Token: SeSystemProfilePrivilege	4692	msiexec.exe
Token: SeSystemtimePrivilege	4692	msiexec.exe
Token: SeProfSingleProcessPrivilege	4692	msiexec.exe
Token: SeIncBasePriorityPrivilege	4692	msiexec.exe
Token: SeCreatePagefilePrivilege	4692	msiexec.exe
Token: SeCreatePermanentPrivilege	4692	msiexec.exe
Token: SeBackupPrivilege	4692	msiexec.exe
Token: SeRestorePrivilege	4692	msiexec.exe
Token: SeShutdownPrivilege	4692	msiexec.exe
Token: SeDebugPrivilege	4692	msiexec.exe
Token: SeAuditPrivilege	4692	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4692	msiexec.exe
Token: SeChangeNotifyPrivilege	4692	msiexec.exe
Token: SeRemoteShutdownPrivilege	4692	msiexec.exe
Token: SeUndockPrivilege	4692	msiexec.exe
Token: SeSyncAgentPrivilege	4692	msiexec.exe
Token: SeEnableDelegationPrivilege	4692	msiexec.exe
Token: SeManageVolumePrivilege	4692	msiexec.exe
Token: SeImpersonatePrivilege	4692	msiexec.exe
Token: SeCreateGlobalPrivilege	4692	msiexec.exe
Token: SeBackupPrivilege	2768	vssvc.exe
Token: SeRestorePrivilege	2768	vssvc.exe
Token: SeAuditPrivilege	2768	vssvc.exe
Token: SeBackupPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe
Token: SeTakeOwnershipPrivilege	1292	msiexec.exe
Token: SeRestorePrivilege	1292	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4692	msiexec.exe
4692	msiexec.exe
4916	dsw.exe
4916	dsw.exe
4916	dsw.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4916	dsw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4916	dsw.exe
4916	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4300	1292	msiexec.exe	98
PID 1292 wrote to memory of 4300	1292	msiexec.exe	98
PID 1292 wrote to memory of 4916	1292	msiexec.exe	101
PID 1292 wrote to memory of 4916	1292	msiexec.exe	101
PID 1292 wrote to memory of 4916	1292	msiexec.exe	101

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\CommunitySetup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4692

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4300
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4916

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x504
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e577a03.rbs

Filesize
12KB

MD5
72c9cb89142f243053c83dc3b2c3fd33

SHA1
e90a2bcdbc634b0e7e15d6d56e38d958471794af

SHA256
dbdf6b1b5958388be5fbd2382d9b93d7211876f68baa25918ebaf212af26af79

SHA512
f8e785e4111cc5a52bf7bdd9e652b1efffb82d28823cd0bf3ff57b308965950dd09157bd1e43e0e9cff986a4a4138dc29a93ae3e4292740cbec5da062200cc1a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
183KB

MD5
78653f04446386cbd2f306be518a417d

SHA1
32c089214b3279b7b257d0a537628c1e9cf633ff

SHA256
966364b720503fc23e85903e9d725e8482e499c252d5b14b1fc3567369964e68

SHA512
48d18ea2543b7feef215b6dc3b03232905f44f58c54a3cd019ee1f3b669d375fd8f5a9f9af9604e7df903980bb85b3ae0cfeb81afbcf3afaa41f7c14a5f859ca

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
129KB

MD5
52cabf42e56e5e847fb5eb789081c2b7

SHA1
62451b5885f029586158a09c3d4db85477f487da

SHA256
ce84cf696a731c6eda9ce028715df9367d26d2d9b539d1e5ecc6c19debc078d3

SHA512
4e39088876929fc20f82e4a88c3312da1a2ca96cbcac400c14df4f28a39222a98937bc729d5e445824ce475aea1134e22ec3e773f562f20b551079a392670215

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
368KB

MD5
b5120304467c5909f99a2955ed2a925c

SHA1
a37c5a64be6f3ea1c3577cbd1a112eee686b9277

SHA256
6ce564a1c5cddea5cd9eca2c4c4d0b761c07a067b24fd6bc78e125c5622b0fc7

SHA512
918ac6cbe8009a6f0913e67bccfbbcc5dbb50e4d05a063702ad2302f58ed3419518d834dcbb943bc97139c5313ae0443db11c86d83ec10201c296deaa25bbe3b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
403KB

MD5
1491b81bdddbb52d27ee0de276cde1b5

SHA1
dea05c238eed173b93640b7db24dcd7dc61423e8

SHA256
2a1450bdfb924d08dcd013790b5e143666600ebf19a67295de18f48d800a3a0f

SHA512
86868391e7921e181072e1e24b886682b706f00d55286fc67f54583a1e3fc77f47d618a9f6fbda1009de6638dc56d424f870f81e478295917e75568c5f77bdc6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
789KB

MD5
97d2c90b577e22ce151b01453d9bb859

SHA1
b7aa18a4e7caa714411cf8131092a1751701ddbe

SHA256
876d1372eee9207207e377702047c525e801e7b7b7f1b2ae16f9ea6f5d881f69

SHA512
89b5dfb2c74bca31618d09e2caa084f8c112acfedb6b6796ea1257dbda6c218678d79e3708ccae278e34010685306a74ec515075a3e7e1b57c2f38d93281e66c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
128KB

MD5
cf36f83492f6faccf425cb50522647de

SHA1
9fea2fddac97c8c99e930b6d78d9148a128f29a6

SHA256
334d28f89f747eba066b2604b82b441ee9fafc3276e9cf85b2736af1b4328ce3

SHA512
50a32fd07fad34ed8b4602f6cb6e8b87cd64ab819bf860112ff218a70bb6abbad260e8b53ee3769eeaf25eb6575ca50aa4a59fa4d01b9b88922ea0e5390b29b6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
279KB

MD5
4caf4f86f2e8abb3142a7a6ce24e3a96

SHA1
ed1247b5b5e5cb2805891a1f0136071d878db134

SHA256
c78f828e6eb3f82a0e744ea001094724d37ae6a32ad16d80b92355a7dbc68487

SHA512
b09153a8d45786d1bf3cf3be07510205e950c113735b2161c2e59921cfac7c0e3a771f824e474c1150cdcd9c5135bde80e191fc1f4ca42f187bcc8f8ff7f78bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
89KB

MD5
d909b650776ce29d7ad41f1dac99dd86

SHA1
c662ba50b1d128c91f6bdc76a279a07c62f1d96a

SHA256
d3a1ee7fe7a925799252b2bbf51d4e142960cca39ed85f7944b7c2b4aaaba622

SHA512
8b6c2c881812ac1ddfafb73faf01db1a60d704874706b528b05fb9f992f044dca1b5b599d86b409e5eb76d46d53ab16b2dc63ddc78d31a261958f0646cc1be6c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
454KB

MD5
fa229d16826bf6f4633c7c9f85d452dc

SHA1
ab87c4eb2fca1bb7d6970fc899c929da690cb28b

SHA256
796ee81498ab16a87c677a713367a67f2e648ebb7990fef7885cef612c1be595

SHA512
f57dc888ed675d132c1880716f0db7f6ed7cce4b485591c067663ed5828fc3f75ab7f8e88bf85b763ea0500a9e5377ff98951d4f9a09399a9039bbaf01f2cd61

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
29KB

MD5
e1d3dc6b034c7efab828136be076cf4f

SHA1
79485302ad3b5d3d90f348aef5fa0ef4518cec5c

SHA256
0497371c949081c026a92bffa55f4325d513a90af428199eafc53fdec9c59ff4

SHA512
06685073027420a51d14ab3e4537dca44c4e31c3826bd5f3447ee4bb67403ec4d33270514edd0a1f41897b1dc73a37bec18bddf0d8fe3b2515636c9a0144a878

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
235KB

MD5
5cad12666767ac36ad79eef6478ef0ca

SHA1
11334d4294ffa04511dbc43a6b0ab9f8a5bf3812

SHA256
8715050a7098ed798c51b9acc702ec4c4fc349cc930ba17b05cb7dda3e4cadf8

SHA512
87983c4fdcf0cfcabc097e3dd6e9b0c822f129ede4c2c7512aeac70d08650a61f1e10a4bb8ef8a9e829b5d4120375aa0d5f285b837e3cc2ed93538569534004f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
223KB

MD5
316f0cb70050cef11d2d0ce9611dad3a

SHA1
548e47ccc7c79b8efd03d1c58aa0625de45e867e

SHA256
a53c3ae7c74390b7ed7ab7f4c56f44fdc6be54a8807ce7bad13731f91f9178f2

SHA512
08310324d3aa3a3b911330220a60915f97d7903c5cfe4518cde5b458080af09b4cfe4dfb22a5941779b953b65b37b6fcd747d3b1600cfb3912f1b29a6d04119d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
14KB

MD5
6bbbd2e95a44c93571d1842ff8defb72

SHA1
1f0edbe02b2f2419b1e5c27b410ef400cfb866e7

SHA256
111e31171b3178eb223b73dc039c6c92847c3259d20de59843212d983a9498fc

SHA512
058b6d6808845250364e0bd015acddce9b882c4b34a5bfb50988943120cbcad09684da3b5e9752b16d2e51068e8fb0940ca7a9e98d0dd196a29e26f7ca350f1f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
72KB

MD5
a62a72e0afd7efb02e0fa531bdfba858

SHA1
f892168837a7dc6ca03f580345ca5483a73c703d

SHA256
d02b02de78e20cf0af7d351e8b806913c71e13b834b576c57ddce31613d0a090

SHA512
00eef0da10f949d4045ccde4baad59cdf5c824d34237e4b8c4d202896fc21126b7aa46c9e7dfe0cd8562dc050a44edf46c78096168e48731925b346baca79789

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
286KB

MD5
fc2cdeade23bcf37975720de88b5c633

SHA1
2bf97c59da64ec120c461a3348371a2b9dcb14bc

SHA256
2b138dba25c4d9352486a3852a3d971431325f33f6c3107e8c7073bfea40a6e9

SHA512
96d6ddc4c96ec6fec698dfa2ccee5ec5f8526e5057821c6af34d01bf13b14135318289ed91b6a8fd01c8883f47dbdfbfa66b65373cd3f213759f4720092edcc4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
1.1MB

MD5
a6514adeed9676bad4c2b8a205047e0e

SHA1
ccfe35b92cf3d20dee442d985b0beadabf0b5c18

SHA256
8c050af42784ecefc72cb5999ee849f028bb634601525d69b88074e5fa67cdc5

SHA512
c10f0e27241a07ae083db09aedc31f95ecd61d6e2ee0227ab394365455ea63d7cebd216a29d5e3d2292bd7203b1a9763ddf1fc7f1409ffb395e24aa3789a8ed5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
12KB

MD5
f3f66f348a258c88e2d0cd9aaadf1d6a

SHA1
55aded5e67e96783828ea2b4ea1f36d19137b46f

SHA256
08bc7bcd21657966bb2dc1da104146a57ef7ba184483c9c2316da241527d0328

SHA512
92eb183f7ba5ca5d34d8e8adbde0bda3e8ffb89db8ea50109b560af9ae328a548d2a78242dc425928f4ee4707485d3d1bca5e1992794b33ef60676d489f89eea

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
42KB

MD5
3d01a794a692680f97e1ab1ba7e980c3

SHA1
e3216c0484b3e1398a51e8289db1a56b00dfbf54

SHA256
f179ac5e40c27c7394a3d551b3479e8f0d0963041c8e1eb9369b641b635ade7d

SHA512
198c0e8d5177f06c08c8f25371ba92f033f722c57ff26778169e349122aa760ba75fb2b7de63cb95d35d72bccdff2c599433b51bf54207607b7d462f93eae8d6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
256KB

MD5
9929fa8e80e073112e6df702f6e56468

SHA1
3f8e1ef93f9b0cb2f846ab10902b69d090b6f876

SHA256
98fcb7c28891f96afbbca1d894623c83007ae9527549e3c427b3f8a597698fd2

SHA512
1907f743343eb4df29883094b23c9bccd345312fd88e519c4002800df86c69eaa57ec48c67baeff6730d2168bb406bce7bab2118c017eada98cb4789f825c28f

Download Submit
C:\Windows\Installer\e577a02.msi

Filesize
373KB

MD5
f464d92e830f80a65493e184b579cb02

SHA1
813eb77d566db307c98f6564706a50fd5d46444f

SHA256
e912bfecc22e002ec9e90af1c9130f3dcb0ae94937f2f9e81c01c9e1a356c5de

SHA512
71644ae297fadc1a4c8a10dd35340d8dc743f70245a45f39a3c2ecba93e0f40bad27683c36181c1785997f79f6a385056cc0796f38a17489512800cb94790687

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
160KB

MD5
820aeb121b9099ab9950bcfdeb991209

SHA1
8b9f0055755af9c90074382aa995896cd1d23f98

SHA256
cb7a268a814a90ef39ee7b2d9e1ba58ffe07958259a6734d6f30743b3c4a1e01

SHA512
5c4a45511650d3eef1eacadd5cb1e38461c2f15a75aeced44ffe3384e17b7abde786aceb8d8afea1ff2bac30157a3d264a68222e6617b594f4c1e4a63c2c949a

Download Submit
\??\Volume{15ae01b2-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{bb68b8e3-46ef-404c-a2d5-15ed87cb89b7}_OnDiskSnapshotProp

Filesize
6KB

MD5
c1d9a339c933ab5effb8bcf5da92c289

SHA1
e370a7a3f44412716a6d2de2fdc1bf03e27f91b1

SHA256
9c71297f6c9018d36f75bf3c4f9f27fa1a90a6a320c5e0f914e54e3e2b468148

SHA512
0a3538e9156c65af421a49ea2294fdef400087d18f652828803768c1dcc06bcaf9e2155dea8bca13568dce9f56d04c1b2f7a60894b35553e04cc3a74577efdb7

Download Submit
memory/4916-114-0x0000000001560000-0x0000000001561000-memory.dmp

Filesize
4KB

Download
memory/4916-94-0x0000000000D60000-0x0000000000D6E000-memory.dmp

Filesize
56KB

Download
memory/4916-92-0x0000000001480000-0x000000000149E000-memory.dmp

Filesize
120KB

Download
memory/4916-91-0x00000000753D0000-0x0000000075403000-memory.dmp

Filesize
204KB

Download
memory/4916-87-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/4916-103-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/4916-101-0x0000000074FC0000-0x0000000074FE4000-memory.dmp

Filesize
144KB

Download
memory/4916-124-0x0000000003A20000-0x0000000003B60000-memory.dmp

Filesize
1.2MB

Download
memory/4916-90-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/4916-122-0x0000000003D40000-0x0000000003E80000-memory.dmp

Filesize
1.2MB

Download
memory/4916-88-0x00000000752F0000-0x000000007538E000-memory.dmp

Filesize
632KB

Download
memory/4916-125-0x0000000003B60000-0x0000000003BA0000-memory.dmp

Filesize
256KB

Download
memory/4916-84-0x00000000753C0000-0x00000000753CE000-memory.dmp

Filesize
56KB

Download
memory/4916-85-0x0000000075410000-0x0000000075438000-memory.dmp

Filesize
160KB

Download
memory/4916-83-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/4916-80-0x0000000075480000-0x00000000754CD000-memory.dmp

Filesize
308KB

Download
memory/4916-96-0x0000000075390000-0x000000007539E000-memory.dmp

Filesize
56KB

Download
memory/4916-113-0x0000000003810000-0x000000000389B000-memory.dmp

Filesize
556KB

Download
memory/4916-77-0x0000000001190000-0x0000000001473000-memory.dmp

Filesize
2.9MB

Download
memory/4916-97-0x0000000000D60000-0x0000000000D65000-memory.dmp

Filesize
20KB

Download
memory/4916-98-0x0000000075000000-0x0000000075036000-memory.dmp

Filesize
216KB

Download
memory/4916-129-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/4916-128-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/4916-127-0x0000000000D60000-0x0000000000D64000-memory.dmp

Filesize
16KB

Download
memory/4916-126-0x0000000000D60000-0x0000000000D7D000-memory.dmp

Filesize
116KB

Download
memory/4916-130-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/4916-131-0x0000000001190000-0x0000000001473000-memory.dmp

Filesize
2.9MB

Download
memory/4916-132-0x0000000073890000-0x00000000745B3000-memory.dmp

Filesize
13.1MB

Download
memory/4916-133-0x0000000074A80000-0x0000000074BA5000-memory.dmp

Filesize
1.1MB

Download
memory/4916-111-0x0000000074A80000-0x0000000074BA5000-memory.dmp

Filesize
1.1MB

Download
memory/4916-99-0x00000000014A0000-0x00000000014B7000-memory.dmp

Filesize
92KB

Download