babadeda | 88430144366f4833f7e71c205f09cc4d2ea08983a8a8b98122c1989a9712f622

Analysis

max time kernel
91s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav	family_babadeda

Executes dropped EXE 1 IoCs

Processes:

dsw.exe

pid process

2956 dsw.exe

Loads dropped DLL 19 IoCs

Processes:

dsw.exe

pid	process
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe

Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow pid process

4 4904 msiexec.exe

flow	pid	process
4	4904	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\e5778aa.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5778aa.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI79F3.tmp	msiexec.exe
File created	C:\Windows\Installer\e5778ac.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000cdbedf05adb60d680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000cdbedf050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900cdbedf05000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dcdbedf05000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000cdbedf0500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

3764 msiexec.exe
3764 msiexec.exe

pid	process
3764	msiexec.exe
3764	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exevssvc.exe

description	pid	process
Token: SeShutdownPrivilege	4904	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4904	msiexec.exe
Token: SeSecurityPrivilege	3764	msiexec.exe
Token: SeCreateTokenPrivilege	4904	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4904	msiexec.exe
Token: SeLockMemoryPrivilege	4904	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4904	msiexec.exe
Token: SeMachineAccountPrivilege	4904	msiexec.exe
Token: SeTcbPrivilege	4904	msiexec.exe
Token: SeSecurityPrivilege	4904	msiexec.exe
Token: SeTakeOwnershipPrivilege	4904	msiexec.exe
Token: SeLoadDriverPrivilege	4904	msiexec.exe
Token: SeSystemProfilePrivilege	4904	msiexec.exe
Token: SeSystemtimePrivilege	4904	msiexec.exe
Token: SeProfSingleProcessPrivilege	4904	msiexec.exe
Token: SeIncBasePriorityPrivilege	4904	msiexec.exe
Token: SeCreatePagefilePrivilege	4904	msiexec.exe
Token: SeCreatePermanentPrivilege	4904	msiexec.exe
Token: SeBackupPrivilege	4904	msiexec.exe
Token: SeRestorePrivilege	4904	msiexec.exe
Token: SeShutdownPrivilege	4904	msiexec.exe
Token: SeDebugPrivilege	4904	msiexec.exe
Token: SeAuditPrivilege	4904	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4904	msiexec.exe
Token: SeChangeNotifyPrivilege	4904	msiexec.exe
Token: SeRemoteShutdownPrivilege	4904	msiexec.exe
Token: SeUndockPrivilege	4904	msiexec.exe
Token: SeSyncAgentPrivilege	4904	msiexec.exe
Token: SeEnableDelegationPrivilege	4904	msiexec.exe
Token: SeManageVolumePrivilege	4904	msiexec.exe
Token: SeImpersonatePrivilege	4904	msiexec.exe
Token: SeCreateGlobalPrivilege	4904	msiexec.exe
Token: SeBackupPrivilege	868	vssvc.exe
Token: SeRestorePrivilege	868	vssvc.exe
Token: SeAuditPrivilege	868	vssvc.exe
Token: SeBackupPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe
Token: SeTakeOwnershipPrivilege	3764	msiexec.exe
Token: SeRestorePrivilege	3764	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

msiexec.exedsw.exe

pid process

4904 msiexec.exe
4904 msiexec.exe
2956 dsw.exe
2956 dsw.exe
2956 dsw.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

dsw.exe

pid process

2956 dsw.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

dsw.exe

pid process

2956 dsw.exe
2956 dsw.exe

pid	process
4904	msiexec.exe
4904	msiexec.exe
2956	dsw.exe
2956	dsw.exe
2956	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

msiexec.exe

description	pid	process	target process
PID 3764 wrote to memory of 4836	3764	msiexec.exe	srtasks.exe
PID 3764 wrote to memory of 4836	3764	msiexec.exe	srtasks.exe
PID 3764 wrote to memory of 2956	3764	msiexec.exe	dsw.exe
PID 3764 wrote to memory of 2956	3764	msiexec.exe	dsw.exe
PID 3764 wrote to memory of 2956	3764	msiexec.exe	dsw.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4904

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3764

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:4836

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x49c
1⤵
PID:1512

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5778ab.rbs
Filesize
12KB

MD5
61bc63ad73fe6ef83903c015dc07b52a

SHA1
2bdc80f3ef35b89d113316582e2ffab97997afba

SHA256
480a4750a86b14276175bf3d9b1b86583cd96ee68ef92c85dd242d91151dc808

SHA512
006d8f80ff987a5dab8826508f435fdcbf34505b11637a3a97d90378b6a9af90e2d4c2b6d28aa69573a0ccbe446ed514c6c6e86bcf649a7797559e804f6fd1c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
401KB

MD5
fae662af9527a523fe419ece62bde745

SHA1
d61f337151d1eaeca602760cc124c1b9dc9954da

SHA256
5d658ab955d2fa8322eb2bad3e5db70b78341ce5fd8d820485f28512f11db431

SHA512
dbad3fa0cc0d0b5da9655096ab2425a92836927aac97c5d0e8e37dd96308b99c5b0c08e11e3b0d1fb68820fc8f7014d5e2ce35f0df1de1c1b8b002673d8de15e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
363KB

MD5
534921c1a4378f34cc7dbd6872db880c

SHA1
3fd54b8afabb379401f54545a9ac86bf56603519

SHA256
f343e3d9e139e9770193821f76cafd21e79f87d57d98936b9ae0bad4184cf4d8

SHA512
beb18ccc4cc723cf2c0acbd45559e12d16937303dc788a70f4a376d3c031e66ced703a08f245fa14cf4502d13cb96b2ffed11cc3be7f0ca726c3323b240feffe

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
315KB

MD5
b3b009076dc3165547b773a16622a832

SHA1
283ed6c4cb11358945bfc1e317cdae49793f8148

SHA256
b1eba1f6bf75322b9a02eb227c076f23faccef7f307ddaa18c16f390e18e9c00

SHA512
e4b08cf7372674900afc0413eaaac261055ab3dc44b0d8f54bd2775a5745232abc30ebaa64b402d5196d83b956ef54aa42fd4fc6b4e7c4227be41d28acbad84e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
326KB

MD5
df77d3de56623ba8dc40df5be20ad5e7

SHA1
d84baff5c832cf1572251f1ebe924bfb81d21886

SHA256
efce4013c316d55c3eda7fe9bac0beee173bd13fc4500300ee98fce7f80252cc

SHA512
cdd05e7b92368abbdf48ed49f99576532d821588147c08e78a0f312609acc5e21cca985573abf02fbee4e02a37611fd814ee954a55717082627c15b99992354f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
601KB

MD5
9551a0e6533db7d68441fccc61e809fb

SHA1
c62d1311a81eaea421afaa0df342fb88421439fc

SHA256
f5261d1fa46b8313d649057dbe4a75d35ae807573499e599c68ac1e39d3db44f

SHA512
ef2f328d779962fb19799bab098a6a4df072c494bba752a5dcded2ecad1721ef4cce1e51a813a4359e5299ad6d950946d600b1b3fc4cfd14c9807543e3d31a7e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
436KB

MD5
8235a406439d1de0bb502ece76fc1bf1

SHA1
f67f53644a3377320fd13baf73e9f6bbbb91dc1e

SHA256
a132676637cc921badc392f6809675d394f46c860d6cb5d4eb70c87570e29b5e

SHA512
23635a638b3fe02d6081420e2993060fd0d8eb076351f44d2165d8597871d790c56f9a747351cb394b5aab79814ecfe14605da0815b2b5253576f86b4d03d500

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
311KB

MD5
6b568d83cf92822d4ecbfc5728dae75f

SHA1
7d01a0adc4978767a4c5a9db31cbbe0f1d2246f9

SHA256
cf42fd84069165a9149360629250f88d1d2c7e71408834016e5ee9b14b702ab0

SHA512
90d6d7f574c495735685b558b23ef017ac0ae55a2bd0e438bf5723291f44b3471d6ef20ba37d7191fb2ff4815e46634bb2f1566088f3f5fdfd563f99eb525df3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
857KB

MD5
5e9cf7cc6bcf639bbc79a9c76366fdfb

SHA1
27a3910c1cb7a6bfa08f53df7064f45120e33515

SHA256
bbf2602878f0ce50d628cb230affe07a5d42fa2dcc5a0476ea23bef950829a29

SHA512
0cc0a536e73d17258c9cfaeaf2f19647fdccf4f58df7f26b7b594bbadbd962b5f5ccf3d01aae90d19e768d3b5cbbaf1da4a6f36f87c4bab3cbd78d64ec7fbc60

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
1.4MB

MD5
471ba4f1fddc0bc43f1db793c662b17f

SHA1
b04543001ed04b5fdca7f8d3972b5c7571e3f6df

SHA256
c432b634062de431918b42d104e641684250f70c4f7bcfe8cf949888e4f1a9d8

SHA512
683103b736940eb22fefe7ba4b61aebb4d0277509fc8cf7312688555da8c8ca85893fb76e244ac2aa7453730a4cb20ba566457ccc918644f66db8a64b0712a56

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
1.2MB

MD5
1c0be67161e9ec8e235e7aa26486aee2

SHA1
003df28ff74f12cdc03c52d5971bf865f811f7cd

SHA256
cadaa1509ec35e28eb45b4a958fcb325ae728e8b93192ad4e0ccdf0558614c62

SHA512
44255e52a54c9f267ada22ace95521699badf37417c9cae3bee2fefdf2c6a7602de01384f2fd42ce0f430634e1e2106d06ff879de98b7bad485c57400be6d65d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
306KB

MD5
c8738e0fb67a502dd3fab69920fbb545

SHA1
9d3222e8769fb87efb203e4d905ec637d1f457a6

SHA256
24edc6217323a19afb4d758774995d5a533890fc77767416bb89db2b174c9115

SHA512
2d2b48876431a9003318b76cdb56030200b44dd1c9eec5c367ded94df26c708287f1ce13807d3c8d503fd602fe6ace9b31f969cb9065a30cc4b3bd12924c67b3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
615KB

MD5
44a9b2fae9a70d095ac3f550398b1da7

SHA1
210fc26446d9380e5012643fcaad77b11e93e3d1

SHA256
d9420a22c21f7150d61eca45141087f46aafabba690b692ca8699ec979bce0d1

SHA512
9d0a66fee59af1e631419305418496b5a85fe028b569d0da06dc740a35511a967046860e8882e018260829c3b4bc7f06b3cd58d3d09caedfa35cd140710ecc62

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
693KB

MD5
76e7251e36860d99bff2699bc252d0a5

SHA1
53ff1e255d4f5f77cfdebfd863be2c10a2d90a32

SHA256
649b94dfdc3da412c536e5cdd11e086506c1ac03615090ee4ca395fc9b05ca26

SHA512
bb324fe9b175b455b50b3670cd885d948f804c459f8fcb91ebc0c43d81e69dd72d9b4f52bc448f1bfb55a9bc7e368c716ab04941c65d4f455f3bec08dc43c5fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
1.7MB

MD5
57b81110f71b98b8f30edc6d8aaaf48f

SHA1
1612d999897278eeac23c26ea502f780df20c0f9

SHA256
aeb1fa7b2486daa3f938e0ac63e602a4f5c594baebcd5be85a48f688ba1b8d9b

SHA512
ea527aa859a9cfa4e311a095b973eb6372c4c6e25eab08f109299410992c1820aede7d642c078562cf566ce7984e4631ee73854cde16d87df257165da9720fc4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
948KB

MD5
71cb761fbd9a6c08dd114d15717de010

SHA1
59968321a4b6b78f0622dbd5e278916cf5616942

SHA256
5d5d8e91c5fb007634551f073e7623f3b64dfac78b0d2588899e78b2f4cf1b34

SHA512
241c4d8f021ad2fa0eb2502ecc7bf031721e22a5fee055e31f123897f786090fb22c2a4a7d0fa7e568fccf64e736f2d91fc47f247567fe6891f7386a57c3e61c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
1.2MB

MD5
eeb2c9f79926c1074703c378fb27215c

SHA1
df632ea453d0986aebb5961a7874c25426e5885b

SHA256
ba71994c06091dfdc0f1c51eda9e41be888224d165fc0d62d7d882384569600c

SHA512
0ffb563a20b1bf6659ae78d79fe28379e9560c91e4a258dd12046c4659aaf30772b1dcbd426466fee513f42711bc55c70f3f8c8f9ebfc533173b5e9cc3b80406

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
Filesize
442KB

MD5
82e19c65cd36b92d26e344ca5b1743ff

SHA1
c1dc7b7d6ba06cd3856aa84d523ecb2110e0c3fe

SHA256
42cf2c304c1d9a31bd4d96bacc8c264871956ee560da811deea44794e1bff2d5

SHA512
f438f8ce7f540135ccbf23a9ef689bc1247965fa1ea08adafef0741b069681e6f29da102a0ba4662d431845865d8455cbc5147ed52dca0342f7adb0730bc9521

Download Submit
C:\Windows\Installer\e5778aa.msi
Filesize
1.8MB

MD5
dbeb452692dfb55ae4e54b16254fa837

SHA1
5d86c717de92e2a79b8a4b1ebbc8db7e0325ada6

SHA256
bb50271dd77a347e30177ba38509a33423c6eb863b0a1c541999e8090e6a7454

SHA512
b17b277e9be6f041f8fb0dc7ceba6c5c796e0428025bf2f2e2f90fa8727bb20fb892096426b1c027fd6f298fa77ece7285845870a744f8c44a0c149c17e76e6d

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
148KB

MD5
8b23ac3143697e7f5edab0d26e502c68

SHA1
4db27716f7651b06fa52b30979b9cac5d10b2a02

SHA256
17f5adec222db53dbf3540d6a71b6e35aa4ff52f5be9a38d3d5b8a618db241e0

SHA512
1c45df9d96f030321201d37d1761979183bbc12a4d9549bc49ab4bfe06231cea2db68bbdfa593f3ebd3c2ea83e570bd9d33fd74690b133f9795310db74991e1f

Download Submit
\??\Volume{05dfbecd-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{0261a327-a7e4-45f5-bc35-286f29068086}_OnDiskSnapshotProp
Filesize
6KB

MD5
6239211d2febc908bb8667e36b50ef86

SHA1
141a5418305203fe20af3679907617e1b3eb58fa

SHA256
bcf98165b82ae0d105e4f1e7eead2d01c62592de40d2585b52e4705fed1c4499

SHA512
cbba06e995e5bf851e98d2fb63cce5c075b1cc4cd77a6ad2c13d19f215a6982a05e9aa1e580a977bc76ecc805300b27873cb50f8cdf5fb9a4635c2c4f01a7730

Download Submit
memory/2956-98-0x00000000749B0000-0x00000000749E6000-memory.dmp

Filesize
216KB

Download
memory/2956-112-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/2956-110-0x0000000074440000-0x0000000074565000-memory.dmp

Filesize
1.1MB

Download
memory/2956-101-0x0000000074980000-0x00000000749A4000-memory.dmp

Filesize
144KB

Download
memory/2956-97-0x0000000000C00000-0x0000000000C05000-memory.dmp

Filesize
20KB

Download
memory/2956-94-0x0000000000C00000-0x0000000000C0E000-memory.dmp

Filesize
56KB

Download
memory/2956-92-0x0000000000C00000-0x0000000000C1D000-memory.dmp

Filesize
116KB

Download
memory/2956-90-0x0000000000C00000-0x0000000000C1D000-memory.dmp

Filesize
116KB

Download
memory/2956-116-0x0000000003D80000-0x0000000003E0B000-memory.dmp

Filesize
556KB

Download
memory/2956-87-0x0000000000C00000-0x0000000000C1D000-memory.dmp

Filesize
116KB

Download
memory/2956-125-0x0000000003E50000-0x0000000003E90000-memory.dmp

Filesize
256KB

Download
memory/2956-124-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/2956-122-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/2956-121-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/2956-88-0x0000000074CE0000-0x0000000074D7E000-memory.dmp

Filesize
632KB

Download
memory/2956-85-0x0000000074DD0000-0x0000000074DF8000-memory.dmp

Filesize
160KB

Download
memory/2956-77-0x0000000001180000-0x0000000001463000-memory.dmp

Filesize
2.9MB

Download
memory/2956-100-0x0000000000C00000-0x0000000000C0D000-memory.dmp

Filesize
52KB

Download
memory/2956-96-0x0000000074CD0000-0x0000000074CDE000-memory.dmp

Filesize
56KB

Download
memory/2956-91-0x0000000074D90000-0x0000000074DC3000-memory.dmp

Filesize
204KB

Download
memory/2956-84-0x0000000074D80000-0x0000000074D8E000-memory.dmp

Filesize
56KB

Download
memory/2956-127-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/2956-126-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/2956-129-0x0000000001180000-0x0000000001463000-memory.dmp

Filesize
2.9MB

Download
memory/2956-128-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/2956-130-0x0000000073250000-0x0000000073F73000-memory.dmp

Filesize
13.1MB

Download
memory/2956-131-0x0000000074440000-0x0000000074565000-memory.dmp

Filesize
1.1MB

Download
memory/2956-81-0x0000000000C00000-0x0000000000C1D000-memory.dmp

Filesize
116KB

Download
memory/2956-80-0x0000000074E40000-0x0000000074E8D000-memory.dmp

Filesize
308KB

Download