babadeda | 03ab69f48bc2dbe9eed9c025444c98fd25ddc947c4b93c50ce19421e331a4d65

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral2/files/0x0006000000023247-108.dat	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
4332	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	4196	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7EE4.tmp	msiexec.exe
File created	C:\Windows\Installer\e577d8e.msi	msiexec.exe
File created	C:\Windows\Installer\e577d8c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e577d8c.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000005cf4f6141e81f6580000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800005cf4f6140000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809005cf4f614000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d5cf4f614000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000005cf4f61400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3920	msiexec.exe
3920	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4196	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4196	msiexec.exe
Token: SeSecurityPrivilege	3920	msiexec.exe
Token: SeCreateTokenPrivilege	4196	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4196	msiexec.exe
Token: SeLockMemoryPrivilege	4196	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4196	msiexec.exe
Token: SeMachineAccountPrivilege	4196	msiexec.exe
Token: SeTcbPrivilege	4196	msiexec.exe
Token: SeSecurityPrivilege	4196	msiexec.exe
Token: SeTakeOwnershipPrivilege	4196	msiexec.exe
Token: SeLoadDriverPrivilege	4196	msiexec.exe
Token: SeSystemProfilePrivilege	4196	msiexec.exe
Token: SeSystemtimePrivilege	4196	msiexec.exe
Token: SeProfSingleProcessPrivilege	4196	msiexec.exe
Token: SeIncBasePriorityPrivilege	4196	msiexec.exe
Token: SeCreatePagefilePrivilege	4196	msiexec.exe
Token: SeCreatePermanentPrivilege	4196	msiexec.exe
Token: SeBackupPrivilege	4196	msiexec.exe
Token: SeRestorePrivilege	4196	msiexec.exe
Token: SeShutdownPrivilege	4196	msiexec.exe
Token: SeDebugPrivilege	4196	msiexec.exe
Token: SeAuditPrivilege	4196	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4196	msiexec.exe
Token: SeChangeNotifyPrivilege	4196	msiexec.exe
Token: SeRemoteShutdownPrivilege	4196	msiexec.exe
Token: SeUndockPrivilege	4196	msiexec.exe
Token: SeSyncAgentPrivilege	4196	msiexec.exe
Token: SeEnableDelegationPrivilege	4196	msiexec.exe
Token: SeManageVolumePrivilege	4196	msiexec.exe
Token: SeImpersonatePrivilege	4196	msiexec.exe
Token: SeCreateGlobalPrivilege	4196	msiexec.exe
Token: SeBackupPrivilege	1672	vssvc.exe
Token: SeRestorePrivilege	1672	vssvc.exe
Token: SeAuditPrivilege	1672	vssvc.exe
Token: SeBackupPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe
Token: SeTakeOwnershipPrivilege	3920	msiexec.exe
Token: SeRestorePrivilege	3920	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4196	msiexec.exe
4196	msiexec.exe
4332	dsw.exe
4332	dsw.exe
4332	dsw.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4332	dsw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4332	dsw.exe
4332	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 2364	3920	msiexec.exe	95
PID 3920 wrote to memory of 2364	3920	msiexec.exe	95
PID 3920 wrote to memory of 4332	3920	msiexec.exe	97
PID 3920 wrote to memory of 4332	3920	msiexec.exe	97
PID 3920 wrote to memory of 4332	3920	msiexec.exe	97

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4196

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2364
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4332

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x150
1⤵
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e577d8d.rbs

Filesize
12KB

MD5
ec28e55c7f53214d698d9ca1ca65a392

SHA1
36a665d45539582898e8af521dd593b3158b16a4

SHA256
ead726ea904ff86c5fbb24ad1c6b595c77441964ad232890a883ac63a664d0ac

SHA512
16c972f0136c32359ceb41993336e31bdd21c15c0e5e8e34e9f57846c4750e20f2a1569f83ba580a03d6e0bd8c2432268640df7489bac7692ea9568b7399751c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
86KB

MD5
6c35bff5040bd2c2a924a1b10c9b6d41

SHA1
87d6469f8b3070229cf3ef1599ecd7d16e911ab0

SHA256
279e327d5db00a0c256134a137144a12039640deb5b9bc9dd1b59af448c9632e

SHA512
4c94ea98d05a80c0edd8b34552ca1a2f672675b1cc72e2caa2d93a0689737d515e6f0a7e286d050cb59cc052171d2cbf4e594eebaefe4eaae152ede5c10d26ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
67KB

MD5
870e325c4378dd076c90ec25d46c2424

SHA1
0e42336618e85775df56fdcc160b49d9d2e5a411

SHA256
d28ddbf3ae3abc4cf6c9b9a2b93c30114bd410cee6f048e1cb582f30520a4ffc

SHA512
4810ab569d5766e4bcd87179fa0d3e4185651b2da5acbe85abe6bb49c1a23e27d791883995ecbbc28f480f2eaf1cee14af859f4924794b817d2e48db917a68ca

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
93KB

MD5
85c6b037fe1704cc7cbf07aa179e9821

SHA1
3f775e3f4bbf618454cda32d02111a3a144d9c37

SHA256
7c40496330c955eea71af69ce628c41c7376ed604cdbf67754fffb8fcacac163

SHA512
ff8fc8fd9ef99fb1c44aebea499a6919e8d3bf9b74a11fbac60e5fa312dbfe2b53f7f28772d1d74c25d75a02bf9ed61a3a34e252e6fea21be9460b6552931f57

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
297KB

MD5
617b357279d6c4c198c687d2372edefa

SHA1
b7cf9faac5c673c23dced0e8f9c2260c9a05e4e3

SHA256
9a240bf65823241212245560ad0250b561169b6383c953f65e2f782ad450f6ba

SHA512
ed1c188af2255219b44fb2f283f5fda93999415b1983582cd75550aae913444e4382de0f365a1907dd2b80a5df71320d6a0f162fd1c0f1326913303d0970643d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
225KB

MD5
2e37b9aca3446447c440a3d2c16d5f43

SHA1
018ad743de8fdff9161d28875f06d03904df2b6c

SHA256
490b8c1541e09745179de0e8a50cb1d59c2029ad0405e3e0abf28c671e4d0a62

SHA512
f47d3d62af41cc45bee07d25163379feac1380bf59b5d68d60db5a76e7c9f730dcfa3e5d3d22f5b950cbd0065417794d510472b15bd68d01faa6e9735bc5cb89

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
18KB

MD5
1a2a4336b825c1cacfd23089fd8c2cc7

SHA1
cd0649f495d4cfda8777bad7699c3adbed00958d

SHA256
65d8f92074668d0830430a22653438b55110ed1e7afb634e8b41aa83c37e4b0d

SHA512
e535364cc4e2df0ab3c4de87979f3555443b81cfb0c5f5150fb44f8b224cec538e474058e454ac31f51c59d7d3694ee62a8041700dfe1f75fe00bf0118dd5c18

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
91KB

MD5
dc12ac27e836b7a664bebc2df2bf9559

SHA1
3b07ed67a6c9b87266205c2f6624f06090c5d36f

SHA256
ac8be5b31449b88452247580f21c8431a2365f365c04f98c14646f78f205e81e

SHA512
72ac294ffe2f5318c8227855ce3698becdab9a127c7162b1ab9f8056f11235cc92645927c0392a3497af57cba261ba896e8aee8b4c798b2eac9e40005a80142e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
69KB

MD5
60e4e9773a9e174fa53bf3a885f3dcce

SHA1
374c4b68ab56809fbcb2f8b8c7152a8b91dd262f

SHA256
516a47bf0468a37b71b8bbf3689e1ae1ae93be033d6c4ad80476c85e37f64c8d

SHA512
2137f0e39b3c6d92486852660814c8f510f5824b0f84812d3360620a5510d22cc5d1ab3ee7cd6a61a90e72c89833ac961fcc85ab6e3629862e4febc1523e2110

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
359KB

MD5
abdd67883989745b3b9c18e94a95ff3e

SHA1
93f8687c37809211ecd71036444edafc2015a4a6

SHA256
a8707ed6f1ce6ddc2ac7c4e46a73f81e4914434577f7a7a6958407cc16188b64

SHA512
88da416d624ec5aa1fe4dabdf400d28799b26dba8054508eed54514651642e7315a5f563064cc66791f15b8ae00f1307beaebbb92a03209a71b3d7ac9812975d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
48KB

MD5
4b47a18042190c7a113a5cf6c455d622

SHA1
f539267876add9732412821aec578f88f64262d1

SHA256
c7cb1951208b3b6957a749e7ae6c02442fcd7062cddd3e64de4596f37189da9e

SHA512
de3a84312a42f473f6decedc512eb9e81b90aab4db1d0acfef1b69e5b171735a235b34545052668a68aabdfb8fbb90cf45f340f713b6a77083246682166583df

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
18KB

MD5
18bb8401ae06a4a20b9451c0ca9e4f80

SHA1
722eaf26368e5d67f2ca7499a217c395a12ff789

SHA256
d58120488597f2ee11ce2124761106c8bd6c7ebe624a73ce95ada78e4f46f98c

SHA512
a0f62cef72c4c5c1db657ffc6c71d229a6ec5731226bf42d1ad5314c025597eb65f306f859c1333610efab43cb4a761018999b94acd743b2c9365b2499e75623

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
27KB

MD5
068ffb4af6dfc46472cc815cc0607020

SHA1
7b35e18e5f29e3179c241b16bc45156e2eb8f9ee

SHA256
24ea8d2df79456b5698448f4e032bcb04bf83a2703c270d373e641e6393babd8

SHA512
0f7ba89447fdf9565186f3113f6001c001409afb7dadd9f0268b5022815303385b63d51e9e2103ded503e515d4db951bf4c0f19808fde7efd7242537ce36ec54

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
78KB

MD5
3257ebbe60c6ac7a823ab7fdd7e4da67

SHA1
cbef27515bd3d19531afbf9462b5a9acdf946869

SHA256
e8f32292d53729329259eaa047419fbc38bf6ca6eecb24aa94ddfe518d201121

SHA512
a826439b7006f95f16f3cb26a01a683f984ab4cd7bc3279cdf3a2ce3c5373df97ca16b8906113df19385e2fae6e452317a6e4ea80cf1b6e98b14199cec4ffa2d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
21KB

MD5
39fed737bc2d16fffe90b3c5fb01a419

SHA1
40d431b623e70e52d80510faf5d09d007980a0de

SHA256
0f95733e5db01cc557c5b12f6590ab899bd0bdb1243574fd42b8e5e6cede8972

SHA512
bb33ddae632ecb5edba0867ec0d88ac0ce2eb5caaf6ee9cd52cf465c8577957fa25633b5d65da59aa221d15d3baa68c7d5ea4aa392933dba76452ee164c38d2f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
24KB

MD5
a1b58173ee91ef4023e69d364811a940

SHA1
c0881e97eb601dbb008dfc45b0e5bbc301270c13

SHA256
475fd3da1602cf339db3546c9a5b866cd9d232a9650eca282b4d9205df9a6f4b

SHA512
43c4b8ec5bcb323a97c8f8a117ae8311d74dbd7c786bc9cd7a9ce19154ff95bffdb3dbfe7f095bd16d3048b0bbeacaa39c6525646144c0c86e9d56a6ef264dfd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
48KB

MD5
5983bf893fd653c74626cc6202983965

SHA1
eef54b3f64ad1b26280f2f7420ed6743702bcefc

SHA256
44d5aff4b625c34517075a8ee0cc983a08863e19e0106ca8f8a16e4edfc9ff27

SHA512
8e1715d18db2769248f40d0caa0769e7b5904b59349525257efaf461ee265300beae4f09b7f34528a51b10ef8b73b28892850591f830d6fa45bb150f15fa33f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
1KB

MD5
8af4da37cde32a74c1e2d9cd396895c7

SHA1
a45f1f90e680d777794924a8ea56add1e7e18d45

SHA256
193411aa2f1e6c1812b1882ffa10f9dd802c6b29e8432582773055cfebc7a4c3

SHA512
492512929edcf8b5c9a6f9e3b0443cf9756100cd145857f288895db814824c96bff864d73e876dd199f011a9e079c6ab7d44a8b100754093699f61dfe66e2c93

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
77KB

MD5
aaa772b24fbfd175ca32ece3f7f83d9a

SHA1
81837e85d7e496a0bfd455e524121484d73d09c5

SHA256
77dcc65db50361b46759bc2f2197ba3841b0e1ed88cde1871eb6c674807753ab

SHA512
b23a6f0297c79a03a02939e76d308d336b85d2932ff36f5de5a6899293bd9cbad8626a93c2eb69e672dd79a416a8aa20b56201c04331a227abecb098e2f0aa4b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
884KB

MD5
dd8e1f32da7049dd78ee3a951ab8ac61

SHA1
ead456ab231b05aa83c0583362a4e8002568a0bc

SHA256
4676268271892772a1ef643c75b1a345a5de282ebcc1e7232e4710438d586dfb

SHA512
79d04d1c4a29568b9f3246574e8b35a4ed79a44625adbc34c343ed0f795a7f4f0ebff5e97540bf6e6fb07c3b2b88443f431b13f207ef19f6aeba231537b2c757

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
19KB

MD5
c69b9bfcf1cc5327ecb5bdceaea77eda

SHA1
3c98d11698bbb0da7c7d32d2b80845631d570875

SHA256
c88c93d84fb32f593f4d49117f246431e22e5fa2988b335cd7bc7ffaefc524ef

SHA512
5d7740f5e0ec179decd089f85b90d101dac34291d348818c73b8ef9dd6ef9492072686bf34befc96aa6d86cc087209937d12e8fd379a45d6131b0e29ebd10b43

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
18KB

MD5
d339afacb12ae2683a30b337f8693771

SHA1
adc77cfd624c2048646f87ca116964ca4cde2319

SHA256
4c84bfe3c5e9bee3c4506bea38be3247315aedbbfbc8c17320719cb68dc2b0b3

SHA512
1f369ef567b010e207e7dcac33d7bcd3c4ad39396e176f6cc5018bb30128eebec601c18d39a31cb954eb1b76d4fee0fbf1f65a95903641d83f4ff71dd17b7c52

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
19KB

MD5
0ffc7096ee81bde74ac963af642d562c

SHA1
f5d438f3115d9fbf1a64929f99754c636dab885f

SHA256
3fd93d0cb43c728da4fccb1013a7c4130a8f775cf3649b9aa657e6c4420a6911

SHA512
ccff168c211b6c14c90a8e0263df793694c9077d2a3b906be392edd980a58d8233d1cc5903d782b702b8be86fff5c19ac5fe0d6d29ebf4288eeca3b020a59a08

Download Submit
C:\Windows\Installer\e577d8c.msi

Filesize
399KB

MD5
5523cfe5c5eba73caa664cd794a117f0

SHA1
ce3e621dbd5514fbb51ae1b7155eff934bef31ef

SHA256
283002ab69cfb9f5f249d0cc0b27b0591e40161541aafb0503ec7db58dfa3bfb

SHA512
e6f89ca6213a82f29a28c91742288c6ee9dfaaaddc0cd25b38779a9f983c1954c8632704b5c780d3e5743e08fbb13b3c775916dee7c0ccc0d6c749d2bf6a7042

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
476KB

MD5
6cd84b2833b856c49365ee0ff923174a

SHA1
4270fb5ec5c83a2b927cac0b4dabe1f2e128733d

SHA256
c54de3187cc83d729c4c70a9b334d8708b73c9c03b6f399fb4590c284f04d598

SHA512
0b8b3e452f9c7f9c0bcee20d386f4a40f0b3f0bb2e27ec9bf55877abfcb2b48a4bf82284fa88c6adc87272538afb799d7f0d84055e080728ed1f8ab4d56dedf2

Download Submit
\??\Volume{14f6f45c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b8d7a6b2-92ca-48d7-be8f-38d4c669bfa4}_OnDiskSnapshotProp

Filesize
6KB

MD5
b7b3ceb48356f8c70ded987cdb1b0ad4

SHA1
3ac7c460cad1f3b8e245d7b4c820aa28d9b795c9

SHA256
3f4bda4540733d52f2ef20f145e83ed60ba545175b631eb02e5bf69adce19600

SHA512
0955e3ef989ce386a05db0f97a4a1d2f9fdac241a43b857b2277d080e8d5296cb0d10f005c350bff8bed8cc8833af50de3eaa00364204cc12af9d1813c49a002

Download Submit
memory/4332-86-0x0000000075A60000-0x0000000075A88000-memory.dmp

Filesize
160KB

Download
memory/4332-111-0x00000000750E0000-0x0000000075205000-memory.dmp

Filesize
1.1MB

Download
memory/4332-113-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/4332-116-0x00000000037F0000-0x000000000387B000-memory.dmp

Filesize
556KB

Download
memory/4332-122-0x0000000000D10000-0x0000000000D2D000-memory.dmp

Filesize
116KB

Download
memory/4332-123-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/4332-125-0x0000000000D10000-0x0000000000D14000-memory.dmp

Filesize
16KB

Download
memory/4332-101-0x00000000756F0000-0x0000000075714000-memory.dmp

Filesize
144KB

Download
memory/4332-96-0x0000000075840000-0x000000007584E000-memory.dmp

Filesize
56KB

Download
memory/4332-91-0x0000000002C20000-0x0000000002C3E000-memory.dmp

Filesize
120KB

Download
memory/4332-88-0x0000000000D10000-0x0000000000D14000-memory.dmp

Filesize
16KB

Download
memory/4332-126-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/4332-102-0x0000000000D10000-0x0000000000D1D000-memory.dmp

Filesize
52KB

Download
memory/4332-97-0x0000000000D10000-0x0000000000D15000-memory.dmp

Filesize
20KB

Download
memory/4332-129-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

Filesize
4KB

Download
memory/4332-128-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/4332-127-0x0000000002C20000-0x0000000002C3E000-memory.dmp

Filesize
120KB

Download
memory/4332-99-0x0000000002C40000-0x0000000002C57000-memory.dmp

Filesize
92KB

Download
memory/4332-98-0x0000000075720000-0x0000000075756000-memory.dmp

Filesize
216KB

Download
memory/4332-93-0x0000000000D10000-0x0000000000D1E000-memory.dmp

Filesize
56KB

Download
memory/4332-92-0x0000000075760000-0x0000000075793000-memory.dmp

Filesize
204KB

Download
memory/4332-89-0x00000000757A0000-0x000000007583E000-memory.dmp

Filesize
632KB

Download
memory/4332-85-0x0000000000D10000-0x0000000000D14000-memory.dmp

Filesize
16KB

Download
memory/4332-83-0x0000000000D10000-0x0000000000D2D000-memory.dmp

Filesize
116KB

Download
memory/4332-84-0x0000000075A90000-0x0000000075A9E000-memory.dmp

Filesize
56KB

Download
memory/4332-130-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/4332-131-0x0000000001190000-0x0000000001473000-memory.dmp

Filesize
2.9MB

Download
memory/4332-132-0x0000000073EF0000-0x0000000074C13000-memory.dmp

Filesize
13.1MB

Download
memory/4332-133-0x00000000750E0000-0x0000000075205000-memory.dmp

Filesize
1.1MB

Download
memory/4332-77-0x0000000001190000-0x0000000001473000-memory.dmp

Filesize
2.9MB

Download
memory/4332-80-0x0000000075B10000-0x0000000075B5D000-memory.dmp

Filesize
308KB

Download