babadeda | 3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2024 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup_ns.msi
Size

17.1MB
MD5

b82ada91e8742234257d9cad38deebfe
SHA1

d1278efa9729f955de1dbfcfe53550e67212ff9b
SHA256

3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834
SHA512

676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b
SSDEEP

393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav	family_babadeda

Executes dropped EXE 1 IoCs

Processes:

dsw.exe

pid process

4760 dsw.exe

Loads dropped DLL 19 IoCs

Processes:

dsw.exe

pid	process
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\e57857c.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8666.tmp	msiexec.exe
File created	C:\Windows\Installer\e57857e.msi	msiexec.exe
File created	C:\Windows\Installer\e57857c.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1336 4760 WerFault.exe dsw.exe

pid	pid_target	process	target process
1336	4760	WerFault.exe	dsw.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000083dd7964f79773090000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000083dd79640000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090083dd7964000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d83dd7964000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000083dd796400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

4264 msiexec.exe
4264 msiexec.exe

pid	process
4264	msiexec.exe
4264	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exevssvc.exesrtasks.exe

description	pid	process
Token: SeShutdownPrivilege	4468	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4468	msiexec.exe
Token: SeSecurityPrivilege	4264	msiexec.exe
Token: SeCreateTokenPrivilege	4468	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4468	msiexec.exe
Token: SeLockMemoryPrivilege	4468	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4468	msiexec.exe
Token: SeMachineAccountPrivilege	4468	msiexec.exe
Token: SeTcbPrivilege	4468	msiexec.exe
Token: SeSecurityPrivilege	4468	msiexec.exe
Token: SeTakeOwnershipPrivilege	4468	msiexec.exe
Token: SeLoadDriverPrivilege	4468	msiexec.exe
Token: SeSystemProfilePrivilege	4468	msiexec.exe
Token: SeSystemtimePrivilege	4468	msiexec.exe
Token: SeProfSingleProcessPrivilege	4468	msiexec.exe
Token: SeIncBasePriorityPrivilege	4468	msiexec.exe
Token: SeCreatePagefilePrivilege	4468	msiexec.exe
Token: SeCreatePermanentPrivilege	4468	msiexec.exe
Token: SeBackupPrivilege	4468	msiexec.exe
Token: SeRestorePrivilege	4468	msiexec.exe
Token: SeShutdownPrivilege	4468	msiexec.exe
Token: SeDebugPrivilege	4468	msiexec.exe
Token: SeAuditPrivilege	4468	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4468	msiexec.exe
Token: SeChangeNotifyPrivilege	4468	msiexec.exe
Token: SeRemoteShutdownPrivilege	4468	msiexec.exe
Token: SeUndockPrivilege	4468	msiexec.exe
Token: SeSyncAgentPrivilege	4468	msiexec.exe
Token: SeEnableDelegationPrivilege	4468	msiexec.exe
Token: SeManageVolumePrivilege	4468	msiexec.exe
Token: SeImpersonatePrivilege	4468	msiexec.exe
Token: SeCreateGlobalPrivilege	4468	msiexec.exe
Token: SeBackupPrivilege	4756	vssvc.exe
Token: SeRestorePrivilege	4756	vssvc.exe
Token: SeAuditPrivilege	4756	vssvc.exe
Token: SeBackupPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeBackupPrivilege	3180	srtasks.exe
Token: SeRestorePrivilege	3180	srtasks.exe
Token: SeSecurityPrivilege	3180	srtasks.exe
Token: SeTakeOwnershipPrivilege	3180	srtasks.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe
Token: SeTakeOwnershipPrivilege	4264	msiexec.exe
Token: SeRestorePrivilege	4264	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

msiexec.exedsw.exe

pid process

4468 msiexec.exe
4468 msiexec.exe
4760 dsw.exe
4760 dsw.exe
4760 dsw.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

dsw.exe

pid process

4760 dsw.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

dsw.exe

pid process

4760 dsw.exe
4760 dsw.exe

pid	process
4468	msiexec.exe
4468	msiexec.exe
4760	dsw.exe
4760	dsw.exe
4760	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

msiexec.exe

description	pid	process	target process
PID 4264 wrote to memory of 3180	4264	msiexec.exe	srtasks.exe
PID 4264 wrote to memory of 3180	4264	msiexec.exe	srtasks.exe
PID 4264 wrote to memory of 4760	4264	msiexec.exe	dsw.exe
PID 4264 wrote to memory of 4760	4264	msiexec.exe	dsw.exe
PID 4264 wrote to memory of 4760	4264	msiexec.exe	dsw.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4468

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4264

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3180

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1648
3⤵
- Program crash
PID:1336

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x384 0x304
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4760 -ip 4760
1⤵
PID:4500

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57857d.rbs
Filesize
12KB

MD5
473aea0519cfed05b74ad6b6b0b0397e

SHA1
62e8297f05c8127f95365c4c024071f7995e9be6

SHA256
f5bf0d94a92fda1a5ec7e323f4f096019ba79cdeb84187435e98aca814d18e0c

SHA512
47d9c0c9f69db08ae6c5ced90af801ace142d9cda62227963acf5546ec9343433dacfc8a51621275e9bee20c292ec3bec8043b7fc4244757837462318cf52fb8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
186KB

MD5
923d81f8bbb2413c9be037ee13827349

SHA1
bc25befded50e1917c48300e2b15b5b1383c12d3

SHA256
412e9f2155635aa96aef857d96a70779bc579c89346e3183bedf465c86e4dcc5

SHA512
f0e63e4dc9e48f9f0e1b821cfdf552c16d529081acac12e0e92aae64b7bfa77d5bb812298868a9f27f804d77d57f28f2d794167d596e2e19d993d5a30efa103c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
142KB

MD5
8a6b4dec2d026ebc3161a4c75fae34ad

SHA1
c50f297728101e9a71194f8154495e995afc4573

SHA256
c52c83b55735d637383fc95530384b7a05dae61124d452d85ab294f458609dd8

SHA512
7ab060c4395580a6be25d01c36dcb58e952100028bae2b6fcb98a76e84d1c327263825e7dfa4564995e3f84f7adc877e0d8364574414d84610be978b895bc0fe

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
287KB

MD5
440bf5de394197f6ec040517958253c0

SHA1
3a552373ff26909737ad0cf499423cf9b9e51092

SHA256
a3b9d3527e06f75617c61895adebed166944bddce761874937981f3cf299706a

SHA512
cb3c5707ca3ffb526d529b6a76e12fcaca6f2480ae7dabd22d5a132e6d453c9de5bd0ec5eb44d4d7db5b852c9e0fac96fcd5ff2476c8261fcfbc867c6915b4ee

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
255KB

MD5
229809e3a261e3659ea13f1b4b900dcc

SHA1
8fc804f724d77ce1f2a80f94684b734bc7d8b03b

SHA256
a8b4e71f214313fa4e3370997fd7a107f684670fe5f886927562f4733051fb48

SHA512
d67f35908481150afe045551d5a69f1ad7652dc4a65b3fe844db80204b439d29887a8961b0ccda2c54b8dd57ac03b66ae2a3b0b17f3e37abe61a420887e189ef

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
247KB

MD5
eb64d8edb73cd6c5481ecdf614248f44

SHA1
60d5e57072c1f527909d74b3bf79242020d6c3ea

SHA256
03edc5ea668d633eeb49c0553b6be82d3f045f6de8a8ece71ab2c454f48de0aa

SHA512
4f4e919b04de1199d183ac0c5d7bf9d1daee83eb384ebede3bc8bd2dc94373cc032148b287c7e0061073e3820a1a5007e8a94de3f3fe2bd749a1f169af7500b6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
319KB

MD5
8900960d56e7358a6c0c4b19c05350d5

SHA1
a680b9add961716c7a69a7776a374ac6b43d4b8f

SHA256
6dafe3a8afa58c24a6843256c4bd3ef9d8c8cf661ff107fd0be1081255c17a9f

SHA512
75eeff254bec8623cc15a60acf0006a496e48a18dffe598de6679cbd76f03909239c573b317c764eabadfa9b35a75ad4a7195ce5428d58e100f65675a16a4ebd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
231KB

MD5
c0ea08dee4380df2690bb698ddca1003

SHA1
da4f778fdf22066c42a353cdc78ba9cdff8f5cd2

SHA256
a3332791eb47e37904a0fd101709373034052d5a012d32d47d8586757cdabbfa

SHA512
61be455eb1b31925f3ed95964a7c11b7bf420dabfdb59f7a70d82ff66fc91d66b91be9635da4809c35849daba69a0d081f3ac3ac86b274df5401c939809cdda5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
81KB

MD5
6ca98d17f6a6f47a57b965cd6c8598c5

SHA1
508f0158cc1bd970bea75fa4a6e5a1c7885a1f32

SHA256
ab36808ca245b74b7b35adf33b12e31592964341a86d9a9c50e4c66f50b6ccaa

SHA512
e3026422d15d3a41428c6732593bf3ed18e5bb62727d4ddd7ae5bb81175acc4e3d06f1a3a70242d2427423642060b34366b71a937ffcce55c4ac876df132a602

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
690KB

MD5
44e1d57dbdc623f96e6080d7bcdf2abf

SHA1
508077c4ed69f59edbd32caa3635fb684cac483d

SHA256
5007f96f7a0a14119976e5a71af9296f4dc6605faaee537a02c1033d5724b155

SHA512
e8420835ccd302d968a6db689581d5f2aaaa1f0d695bbdffcd58cb382beef6072ae4bb9aa1d094ff5a4b0fed25baf1affab095482aa39b710a9229277958dfa7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
823KB

MD5
444eb8e582d40bb97895f01d158aa07d

SHA1
230c2eb27ce31923a8e615c9041bbee191545752

SHA256
65c0faa8d3246bfa569b6f4d3676ee067abd77ca585d2b924e0b728d6a84a8d3

SHA512
56dfb46157c1bdf8f46606d47177b5a14a14b3a488f90f7a863a892e31491d362ab8d65ebff9520ff059b7046664aad2ee2bf2b265c933def33826a92b8469e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
799KB

MD5
c8c0b3da9b1af3c37a0bce1c523d8a08

SHA1
314a6b83a2a1d9aa3af9e40d5cce9e5121795b69

SHA256
b2293172ddfe734883b9c8ea785ed80f7ab86220c3721169205e12a31fa3a052

SHA512
537c839322742c7d08e12851e83d71c91002dc53ea29d7121998fd20fedca337bbd5460ec70a4e8f6f11dbdfd7f14685590f60ff023b103afe90e331d16fda23

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
315KB

MD5
4b46ac18f3215fb0805be479b639760b

SHA1
f20d061a4793987260e813bf78c0d5d56c88b838

SHA256
e8849df9b962545e9854ac3abe3e181dcf95a47ffadf79cd16f6e0437ad04160

SHA512
0281044022dfa39f54a6f393c4b0c74b689f18cf651541de8c6d1b2ffa97c067c818da3bac5c9be57b526af24075753f8ec4e10f8faca89bbde7b8b62e5ef8b1

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
268KB

MD5
c76c7109f8bfda0618308fa499204513

SHA1
a0ce5a92b1532c9b3023ed2bea2269ed32dc42f9

SHA256
8acaa17007501dba6114074981502dd10321792a40283e5308987a7eaf55f608

SHA512
665b7a637587281e229b5e9e6e66107e74a7e6a27e3303db18c43a3f9d9204c786ebc60a82dbe75595e49abe0bef5d035e94b232f11bec324ccb02e72efec887

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
155KB

MD5
ffc56c2c8b3fc58428af84555ef1c17b

SHA1
53b70a64c47dc1e1679f6f230b240b8c01ba926b

SHA256
30704e3d02d93f85bd15fab04755b9a02904fd44f779c9cfdf9b9f5c2033e1e6

SHA512
bffa6f2317662453b91bc5eccca00bb549a0e2cafa5a594a3022eadbc089fe16d98833a72036b6a83f0dbbe14b03a6e7e2278c6aac758df4d817ae66ebfa6cf5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
1.0MB

MD5
30f525e3aa396ade6c5683f9e7ba0bbe

SHA1
74f72bd45328b72a4842fc6a0340c4e04dc6467a

SHA256
8b81b5f1d4fb0479f25db2e254868893043961cd5fc02ff82b72356721b1e80c

SHA512
22673e7868238d5df3605c55ae807a8c466b8d62fe2a1fe82a347e7d7729310067f07fd34f57fe5093109252281b8ef79b9b52f1509c3180cfcb37ca160da730

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
639KB

MD5
ce46bb65ed175df447b55fd6a8a98af8

SHA1
f5c00caf298fc7ab46050f969b760d9dbab14c04

SHA256
5087884499c94cf957fc276c03f6caab70af3658b72ff94cd50ff733795a201d

SHA512
d4ec82c44255fc0612874f4534f0f9b78d71756e627161d40cf3e68b5257cb1d180dd6070e665285aa8ec8d87a774f55f5731c8086ea9f23444339453f038c67

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
934KB

MD5
50d8afb4df96af7fb4340ae86889bbcb

SHA1
7c264b8d89ea2fa18635805ae355be3974f213a2

SHA256
fdf63dcb5507b23724c4316b4905a4f3f4f64e14be5b716797d2c73d6d67953b

SHA512
96e287d5b7b9ea939f6099d8bf44fdc374af6e3be4f65fa2bd839da1725e4797ef0dc715f27bcfabd4072cd958daed7f2e54aff918bd426e320d9a985f158180

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
Filesize
229KB

MD5
543fda6db476c7c9fb238280a1bbaf44

SHA1
f01c15e37c3177d798440b466b45e77fdd301f14

SHA256
b65c4c59e1098f8d2c7d040e80d5227d4ebdefe55bde89a7ac15e0923c05d448

SHA512
a3b935598f8aa4c9f9e0015240a642fed50fe91925e139799fbe09ec99a4cd264dcde3410872409bd6cc55fe689bb32479f111dc0999514c07dd244127c8b846

Download Submit
C:\Windows\Installer\e57857c.msi
Filesize
1.1MB

MD5
2b02d1faa7f45026ba82e297b80ad4e1

SHA1
021d9cc8c2bd0ab66c859f799765ddc5926bd164

SHA256
4b41e40afc00932897b88390fb18a17b509cf19c8a3ada33859f310db591948f

SHA512
d34ff3806fee903fc5dd667ac2fd9ab8e9dda2590d75f89c4fc54bd1e5e0f449f78a9a02f01a78dbbd63ebcfb8bb8d89c3a9de371b0031efeb7b78b7deb316d8

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
3.3MB

MD5
2949e2544c9ec7d9c3ec1e8cfddd0e4e

SHA1
e5b496d588e87dd7f0cb21ba519693b20c076a66

SHA256
47338a65960bb4d79f3b4b05ada1318c3f4ecc3cd5de0defe67e8b299cc180e6

SHA512
537a3881ffb2af9a8d4ef8bb3bffc53c168458f972c5f2d9f7e59bd4e0028c2c8d0589f9385e0dc3ff2df3b5c51285b8a9429bfc1f5d19821d1d4224a1dc49ee

Download Submit
\??\Volume{6479dd83-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6b3d44fc-3cc3-45f0-ad43-d71caa2e4729}_OnDiskSnapshotProp
Filesize
6KB

MD5
99fd63318f0d2c8ade30d6c6ca6314d3

SHA1
e15d64d80ea6e74a0bfe17d4b31332081efc9588

SHA256
379f1533edf9566af528de06dee2a5f83046af635678c9b2447e3d23cd5c3f9b

SHA512
bfdfb7ced8ee6d31726f1fdc3ee716e8896a10979643804cdf2fcd0ed4c5e04fc83ff2fcfb69c53fe945a6995c9b171fa946422b0510307cc2a8adff2a44fda2

Download Submit
memory/4760-97-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/4760-102-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/4760-101-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/4760-90-0x00000000755E0000-0x0000000075613000-memory.dmp

Filesize
204KB

Download
memory/4760-88-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/4760-87-0x0000000075620000-0x00000000756BE000-memory.dmp

Filesize
632KB

Download
memory/4760-98-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/4760-110-0x0000000074F30000-0x0000000075055000-memory.dmp

Filesize
1.1MB

Download
memory/4760-99-0x00000000754F0000-0x0000000075514000-memory.dmp

Filesize
144KB

Download
memory/4760-95-0x0000000075490000-0x00000000754C6000-memory.dmp

Filesize
216KB

Download
memory/4760-94-0x0000000001470000-0x000000000148E000-memory.dmp

Filesize
120KB

Download
memory/4760-112-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/4760-93-0x00000000755D0000-0x00000000755DE000-memory.dmp

Filesize
56KB

Download
memory/4760-114-0x00000000039B0000-0x0000000003A3B000-memory.dmp

Filesize
556KB

Download
memory/4760-82-0x0000000075900000-0x000000007590E000-memory.dmp

Filesize
56KB

Download
memory/4760-121-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/4760-84-0x00000000758D0000-0x00000000758F8000-memory.dmp

Filesize
160KB

Download
memory/4760-85-0x0000000001450000-0x0000000001454000-memory.dmp

Filesize
16KB

Download
memory/4760-83-0x0000000001450000-0x0000000001455000-memory.dmp

Filesize
20KB

Download
memory/4760-78-0x0000000075910000-0x000000007595D000-memory.dmp

Filesize
308KB

Download
memory/4760-79-0x0000000001450000-0x000000000146D000-memory.dmp

Filesize
116KB

Download
memory/4760-75-0x0000000001160000-0x0000000001443000-memory.dmp

Filesize
2.9MB

Download
memory/4760-125-0x00000000014A0000-0x00000000014A1000-memory.dmp

Filesize
4KB

Download
memory/4760-123-0x0000000001450000-0x0000000001455000-memory.dmp

Filesize
20KB

Download
memory/4760-124-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/4760-126-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/4760-127-0x0000000001160000-0x0000000001443000-memory.dmp

Filesize
2.9MB

Download
memory/4760-128-0x0000000073D40000-0x0000000074A63000-memory.dmp

Filesize
13.1MB

Download
memory/4760-129-0x0000000074F30000-0x0000000075055000-memory.dmp

Filesize
1.1MB

Download