babadeda | 1120c72e96423635515bd260a0d9b219a6a7d17eca7f21d2ab63e3a6d2319539

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup_ns.msi
Size

17.1MB
MD5

b82ada91e8742234257d9cad38deebfe
SHA1

d1278efa9729f955de1dbfcfe53550e67212ff9b
SHA256

3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834
SHA512

676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b
SSDEEP

393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0006000000023223-105.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
3228	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI789B.tmp	msiexec.exe
File created	C:\Windows\Installer\e5777c2.msi	msiexec.exe
File created	C:\Windows\Installer\e5777c0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5777c0.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000da362e54a03ebf190000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000da362e540000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900da362e54000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dda362e54000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000da362e5400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3356	msiexec.exe
3356	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3628	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3628	msiexec.exe
Token: SeSecurityPrivilege	3356	msiexec.exe
Token: SeCreateTokenPrivilege	3628	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3628	msiexec.exe
Token: SeLockMemoryPrivilege	3628	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3628	msiexec.exe
Token: SeMachineAccountPrivilege	3628	msiexec.exe
Token: SeTcbPrivilege	3628	msiexec.exe
Token: SeSecurityPrivilege	3628	msiexec.exe
Token: SeTakeOwnershipPrivilege	3628	msiexec.exe
Token: SeLoadDriverPrivilege	3628	msiexec.exe
Token: SeSystemProfilePrivilege	3628	msiexec.exe
Token: SeSystemtimePrivilege	3628	msiexec.exe
Token: SeProfSingleProcessPrivilege	3628	msiexec.exe
Token: SeIncBasePriorityPrivilege	3628	msiexec.exe
Token: SeCreatePagefilePrivilege	3628	msiexec.exe
Token: SeCreatePermanentPrivilege	3628	msiexec.exe
Token: SeBackupPrivilege	3628	msiexec.exe
Token: SeRestorePrivilege	3628	msiexec.exe
Token: SeShutdownPrivilege	3628	msiexec.exe
Token: SeDebugPrivilege	3628	msiexec.exe
Token: SeAuditPrivilege	3628	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3628	msiexec.exe
Token: SeChangeNotifyPrivilege	3628	msiexec.exe
Token: SeRemoteShutdownPrivilege	3628	msiexec.exe
Token: SeUndockPrivilege	3628	msiexec.exe
Token: SeSyncAgentPrivilege	3628	msiexec.exe
Token: SeEnableDelegationPrivilege	3628	msiexec.exe
Token: SeManageVolumePrivilege	3628	msiexec.exe
Token: SeImpersonatePrivilege	3628	msiexec.exe
Token: SeCreateGlobalPrivilege	3628	msiexec.exe
Token: SeBackupPrivilege	1964	vssvc.exe
Token: SeRestorePrivilege	1964	vssvc.exe
Token: SeAuditPrivilege	1964	vssvc.exe
Token: SeBackupPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe
Token: SeTakeOwnershipPrivilege	3356	msiexec.exe
Token: SeRestorePrivilege	3356	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3628	msiexec.exe
3628	msiexec.exe
3228	dsw.exe
3228	dsw.exe
3228	dsw.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3228	dsw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3228	dsw.exe
3228	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 2856	3356	msiexec.exe	100
PID 3356 wrote to memory of 2856	3356	msiexec.exe	100
PID 3356 wrote to memory of 3228	3356	msiexec.exe	102
PID 3356 wrote to memory of 3228	3356	msiexec.exe	102
PID 3356 wrote to memory of 3228	3356	msiexec.exe	102

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3628

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2856
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3228

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2f4
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5777c1.rbs

Filesize
12KB

MD5
083cd0819801917565c6830b92d6b245

SHA1
6caab1ce223bc4e3de9c1eba5889ace591856e8d

SHA256
a00600b79233bd1c832202bbed07f12000d42de794fdc43c2163fc6791817f4c

SHA512
25b3dae8921f92c6f66643fcda1218c05340297e492f0de79d734adc7c55b2e34b6e6cc9f0c928a85a15789e369c7339589797e87790d90517299e17f72f19ce

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
203KB

MD5
25e84e9d3e603009fdfaeeb4637fe769

SHA1
543d6cf97d8de469071542a23b02613f2680fd32

SHA256
991c61bbe262457c0acf5998c8eec2a1076aff5facabc2fe55b9b4f916ba3b62

SHA512
c92074ed7e3138ac8e6f670baa9ceb7f4113119d3d6d075a2caa45612101e0f246f884fc3e6d497e133a3eecfab0f02e37a0801d6fb87a6226692979a35a57bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
195KB

MD5
fb9c4d81546bf8d1b42f1f9dbe0f42b1

SHA1
7d8633b52dd9d9c9a84358a379ea057bba59d3a2

SHA256
691410f30fcb06131dc3d69a94152103e340a2cb9f248c5c35107b4a7da2934e

SHA512
3ba0bd4b4890b4c216a5a45b91f65d3a27786a5986e27934a7b68c3bd8f84620c2434fe9d8c323f9320a9a92f49da4e158bf678dc97ede5731d645bd3470125f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
182KB

MD5
b9d172e6b4d7c9c5111ee350ba9b6948

SHA1
4d714c0564574b4a86fdbba9c05e4d7082e96a2f

SHA256
83747ce1a9d7fc18b35fe5a1c9f40acc116c5003ec4a64bbd929660d1499eb93

SHA512
a64c0c519c57f86edb0745a8033c8970d065b2d069ff449c2c2127e65ce3cba2e4efe5c77743e54e203e6ef8b5c84948d043ce90376760724907132146172da9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
262KB

MD5
95f4cbc0cdaef94235b94f8a7d347877

SHA1
acc8ad8568861945a7fca123ade0ccc8819a72a4

SHA256
515abf1ef8a43e248481bf1e28a8832a8c0b29c89e86ce2bb200b1f0ff7b0d48

SHA512
cb86235c60b89bc5c92f7083f46f38c839420c9875180c0570da933a5308918044364c9378ebb3e3d3ca8f86863692fb0136eaf952ca255a8b87a5849c9ce264

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
413KB

MD5
4f28193683c5eb1fea85be013b66a55a

SHA1
6cdb0171e6017a45927c42d4d6b785084e22059a

SHA256
6f4bd840d7b0a80017095bf7d1a13dbccecb62ca48238312aa0eca7895f4d508

SHA512
756cd701c4a8642bf79fcd95d8e82905f88b9ad6350870b922c0c304a7b33c28cd9fd49c887b1c8a374b5b661a24a3fbc4ff079825df12097619091926bd10ff

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
401KB

MD5
e3763bae191249e45f8bcb089f50687f

SHA1
42266668f3e64fb9a548910a5b841c9e24df60a0

SHA256
021b383f4d98766e559d416a0343b7c9b66864046b4c4c1624c0108aef458c8d

SHA512
b4d5a72b1c84701d8c1646664950c58bb3947567aae4ff1257033eae6fb5f9d93bfc308208e75da24226c1bd4c42ed903a2459230062aae0e9a4a7e053a83ce4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
297KB

MD5
18660d3d9b459fffe2b60d3fdb0c0429

SHA1
109056e4a93c6aa8dfa56ba8b262f650d53a38af

SHA256
6108f5b6a6866c928ec868916616c6018b6dd97c39dc2aae6d572ef665eec178

SHA512
73e25f1a038125cbb91dc3326fb489acd419907fe414f79e067a113ad416c3b4d62af2f63622c085056f0df70b49283491241b1e582ad7739424640e2285fa3e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
217KB

MD5
b0dc7bc150d8b6dc46009f890188e629

SHA1
5b736325d75fdc4f41d59c6664ddbc7bd9aa9ab4

SHA256
af9e8d6c5dee7a4e704af612c3319ee79614db72f97b87689370ddbe6f0f630b

SHA512
585968c328c6d4a36cae9bbbb5c80b0ed04b6f2fe9762bd0f9e73555d339210aa4042f0aaec17d2e01ceeddc8544322883127da8c585280a781bb91834d10f25

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
5KB

MD5
a89e40f60461351753b1cd6f62165bc7

SHA1
70dd1fbb31b67d1b963301fb49aa4cd1ac51bc93

SHA256
c45ec0eeaffad0d82d00cef43ffb9158886c3c64d18d94cb6a19591456e94fa5

SHA512
1e5b7e86693c531135196f2a9f43935c7629d6ed4306718c40d95c45bd48dd2022f7ac97a1e7131957be53fac4157939ebcfd9dd53e73f54daba4c5a97ffd370

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
14KB

MD5
9a3ab30d8197993493a5e3ae9b14e2f3

SHA1
d4ce1cf643ddf8e8edcfbb3fea66287325e09fc6

SHA256
a89ce3625a67d59ed9f2100f8644cebfb9ecfa4ec69024f8aad5d1dc23e86b60

SHA512
cd666bb4afb694fd310d8e7819f88339675dad79e607c1030ef0d6874ad78676e4bfa2bb530ea45604297706ddfe1380de62cd83a6fbe805f1af804319c2c6ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
5KB

MD5
0daa950b6a36a8d35e2cdb0ed958ae35

SHA1
9ad07c1b19417c3e52b99c89cb0c1d1d6806de4f

SHA256
817815c72f5e51b8645608b85e435b5434551b8a6c02f9922f7e2e0c628a82ec

SHA512
cd8874ee97f5558a75782d55c48cd6c06bea40cbb84f00cd9dda780ebf548eadd450a93b5debfe2638c309b99a7f1d5f1f68d6febe49f7dc10ed98d87ba91448

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
269KB

MD5
439decc1029b796a4da374b574fd2ec8

SHA1
c0b34cb1cd1bfdd62227a40bcb6f9c26d93189db

SHA256
96ec15d3063378e1816acf75cef7492908c918f83bf58349cad38c84a4842001

SHA512
ac3421b76cc5164f305710dc3dea44aa15cf25e9023309a609cd5e5f2bf272652cb5ad99722d808d1ab6f804b2e5234fc3d1f133b0e2bfdf4a32aafc763087ac

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
304KB

MD5
6fb3cd685a8df746a1aa872624d01245

SHA1
417c950437b0f6bccea7bce63a41303b8c797674

SHA256
47f5505a48b5afa765cddcb772966aaeaf5b2c29d60d4c09a7837448b34454fe

SHA512
fae8b2c35e1189902b220270b41856cbc321ffcc0bb1998b0ff7e5dc46b8e40ea788509ef4d791204072a152f28f227d7fe4f9903593b41ab72dccc20723c5d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
15KB

MD5
e67116de5e161f9232e3c99c1cd53786

SHA1
81b068a9ab4fe51e0f09e559a201a55bbd196812

SHA256
1067033a7c25160024947edfe2d37f3bf172df65c70b793cdbbe78e6eb3ff797

SHA512
ab6515644ade105b946f4c436575e841c0c2bc6070b7f7eb4dcfbfa4778d243481389e373b9585846ba562201b922c0704d6d2a0a538836000ed90bb26eeb4a8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
31KB

MD5
bfd2bb4af1509ffd946550db86dba334

SHA1
c12de3a6335d87297e70d3d0b0006fe292fc60a1

SHA256
5102a5bdd91ea0c65766e6e6f535d29f1c5700f1224c12782105262c0194d708

SHA512
bc46a06b197624ac9abb28aa8e3c340459bff13db195e2059d8ca0a45fdc028643b6e80156664a780242325df6765293d1e9bb057687cdb60db72260aaecfc5b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
226KB

MD5
2be6d141002ec6432a7c7ba8987beb8e

SHA1
bc8eb7fa385aeece3aa177c2736f4d1ccd63efd5

SHA256
e339e1c72854ab7421b5f3dd832577997ef5fe8f16b87e66bd7f845efd24afda

SHA512
3f2b005601d5aa53046bf8f539d9740bf2b953b83520e4f485fa3456df676e5d5035df2055b5b20a49c810cd276073f5c05fc6d9c50e82d5422c88ffda1c304c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
1024KB

MD5
8c34685e9782b007e086ef37beb52946

SHA1
b05707c57e474577196c336d02e274f51c223688

SHA256
9623f69b1921ba6e39eba32539cced1f65fb8c835d73e4ec5c0afd7eff884892

SHA512
1da7f7f94a6b1de4f2ba4edd62b14222175a62bd3006e57c0381b5cb1f7a5c927dd633ffb4bce2849d096e074a634bd9ce52367418749762e692c0ad9bd21250

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
409KB

MD5
07ba154b29443bbeba7f32807c17820b

SHA1
65808f674dd114964a59191675e795f2404ae373

SHA256
6ebc360c8951a94ff4d4cf3afa572495a63ba37ae185612a9470164d649d4cc2

SHA512
047289e2a7b70b74084bae203779b4f40f87f42ff4662a1d67994a46bb4d7d422660b2a2bccd358e1afc35ef3e3e71ee38f6133f55e34d84e7496717f9e4ec6d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
266KB

MD5
7cca55f767532354ca21d105c8e1fedf

SHA1
94f8548e26ed41a3edea28b705b145a79e4a74ae

SHA256
bcb9fefb0ec484cce90ccb8ad3bee8694e5c003f59415ea906ab0e61a7306c37

SHA512
7c5fa2cf243c9d4c58b50371fe1a02fc03a201a445e60c21a6dd3433b66a552782a02419c1cb8dbecb15099ca063ab34525db774f0b7baedf00add0f19013a29

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
320KB

MD5
fe7d1b3dd312fc0e814d65ea7ba18f07

SHA1
fcca30787a933fb69f44903bca28ce1f0e878d3f

SHA256
12c98a36dc4077b11acac91e33decdbd47d15844c81804cecc573ea1ba2d04e4

SHA512
7fa63353f3e10b341e53f6e73219de67938ddb95509b8870939b90f05ae912d9bb097f9b108da5e270dd5dbd8fae5384f9d5009e5a91d1d9c6f97f372323f7de

Download Submit
C:\Windows\Installer\e5777c0.msi

Filesize
296KB

MD5
8bb2902f98ceed7035a67b01a3825bd1

SHA1
30cf7d6c921969a65b68cc1d6ff67a869d239ede

SHA256
5cbfd8fe8c42e142b0d5902e1af711efe1c35a64a59d0ef972e268bc5aa95d5f

SHA512
154cd31a25aa0fb7c682fae91528e7c95e069ec7ad980607ec741bf4a0d7534ae5cf3336ad662a2d7d8608d6a7278f9b8351e7ff34d9a883648ca0be48779603

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
245KB

MD5
0e6a534b9aa0fbde772e5410fc4efc54

SHA1
37d47713278669c2fb6eefe5ce2ed22fab316546

SHA256
e6debbfcf347dd4644ca957fb7aa8a0b33cd6aeec46b78d8e367757be90c7e6c

SHA512
84fe736e8e617c65f522b820b47b3083e45021f0a44b4fc042af6d6dd9ffb2240117b127ce9c069e3f479dc9358b7e285e1f8201a6431e831cee81d7ec3200ff

Download Submit
\??\Volume{542e36da-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{9a9b23ad-5d47-493c-987a-45d5327f0874}_OnDiskSnapshotProp

Filesize
6KB

MD5
a5f7aaf4e0e08bccfec975a4e4e2f870

SHA1
1fb5c5cad148e5a435eeb91d4d744f44f99e12db

SHA256
7b31e2249ce8e1c25e65cfb7191f3185264498925aec39d268dd0d3a97776076

SHA512
c675b04ad274928b54c3e68d4553f9a62401e41dd541bad29acdca8f2f861d03fb89f9fb695e158a4319ddeefdb026f49703311281c6f45726ecaff821ead5ae

Download Submit
memory/3228-83-0x0000000075110000-0x00000000751AE000-memory.dmp

Filesize
632KB

Download
memory/3228-96-0x0000000000CD0000-0x0000000000CD3000-memory.dmp

Filesize
12KB

Download
memory/3228-114-0x0000000003F70000-0x0000000003FFB000-memory.dmp

Filesize
556KB

Download
memory/3228-85-0x0000000000CD0000-0x0000000000CD5000-memory.dmp

Filesize
20KB

Download
memory/3228-80-0x00000000751B0000-0x00000000751BE000-memory.dmp

Filesize
56KB

Download
memory/3228-119-0x0000000003E30000-0x0000000003E31000-memory.dmp

Filesize
4KB

Download
memory/3228-86-0x0000000000CD0000-0x0000000000CD4000-memory.dmp

Filesize
16KB

Download
memory/3228-95-0x00000000014A0000-0x00000000014B7000-memory.dmp

Filesize
92KB

Download
memory/3228-121-0x0000000004010000-0x0000000004011000-memory.dmp

Filesize
4KB

Download
memory/3228-123-0x0000000004010000-0x0000000004011000-memory.dmp

Filesize
4KB

Download
memory/3228-122-0x0000000004010000-0x0000000004011000-memory.dmp

Filesize
4KB

Download
memory/3228-87-0x00000000750C0000-0x00000000750F3000-memory.dmp

Filesize
204KB

Download
memory/3228-94-0x0000000074DC0000-0x0000000074DF6000-memory.dmp

Filesize
216KB

Download
memory/3228-76-0x0000000075230000-0x000000007527D000-memory.dmp

Filesize
308KB

Download
memory/3228-89-0x0000000000D80000-0x0000000000D9E000-memory.dmp

Filesize
120KB

Download
memory/3228-73-0x00000000011B0000-0x0000000001493000-memory.dmp

Filesize
2.9MB

Download
memory/3228-90-0x0000000000CD0000-0x0000000000CDE000-memory.dmp

Filesize
56KB

Download
memory/3228-93-0x0000000075100000-0x000000007510E000-memory.dmp

Filesize
56KB

Download
memory/3228-81-0x0000000074D70000-0x0000000074D98000-memory.dmp

Filesize
160KB

Download
memory/3228-78-0x0000000000CD0000-0x0000000000CED000-memory.dmp

Filesize
116KB

Download
memory/3228-108-0x0000000074800000-0x0000000074925000-memory.dmp

Filesize
1.1MB

Download
memory/3228-98-0x0000000074D40000-0x0000000074D64000-memory.dmp

Filesize
144KB

Download
memory/3228-99-0x0000000000CD0000-0x0000000000CDD000-memory.dmp

Filesize
52KB

Download
memory/3228-127-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/3228-126-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/3228-125-0x0000000000CD0000-0x0000000000CD4000-memory.dmp

Filesize
16KB

Download
memory/3228-124-0x0000000000CD0000-0x0000000000CED000-memory.dmp

Filesize
116KB

Download
memory/3228-129-0x00000000011B0000-0x0000000001493000-memory.dmp

Filesize
2.9MB

Download
memory/3228-131-0x0000000074800000-0x0000000074925000-memory.dmp

Filesize
1.1MB

Download
memory/3228-130-0x0000000073610000-0x0000000074333000-memory.dmp

Filesize
13.1MB

Download
memory/3228-128-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/3228-111-0x0000000003140000-0x0000000003141000-memory.dmp

Filesize
4KB

Download
memory/3228-92-0x0000000000CD0000-0x0000000000CD5000-memory.dmp

Filesize
20KB

Download