babadeda | 97492f37f8bb48d5738c52a888e8c2121ecc221dd20cfc38d23e5ccf49f48ae4

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi
Size

17.1MB
MD5

b82ada91e8742234257d9cad38deebfe
SHA1

d1278efa9729f955de1dbfcfe53550e67212ff9b
SHA256

3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834
SHA512

676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b
SSDEEP

393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav	family_babadeda

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\e5779c4.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5779c4.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7ABE.tmp	msiexec.exe
File created	C:\Windows\Installer\e5779c6.msi	msiexec.exe

Executes dropped EXE 1 IoCs

Processes:

dsw.exe

pid process

3520 dsw.exe

Loads dropped DLL 19 IoCs

Processes:

dsw.exe

pid	process
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000083dd7964f79773090000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000083dd79640000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090083dd7964000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d83dd7964000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000083dd796400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

1604 msiexec.exe
1604 msiexec.exe

pid	process
1604	msiexec.exe
1604	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exevssvc.exe

description	pid	process
Token: SeShutdownPrivilege	4776	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4776	msiexec.exe
Token: SeSecurityPrivilege	1604	msiexec.exe
Token: SeCreateTokenPrivilege	4776	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4776	msiexec.exe
Token: SeLockMemoryPrivilege	4776	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4776	msiexec.exe
Token: SeMachineAccountPrivilege	4776	msiexec.exe
Token: SeTcbPrivilege	4776	msiexec.exe
Token: SeSecurityPrivilege	4776	msiexec.exe
Token: SeTakeOwnershipPrivilege	4776	msiexec.exe
Token: SeLoadDriverPrivilege	4776	msiexec.exe
Token: SeSystemProfilePrivilege	4776	msiexec.exe
Token: SeSystemtimePrivilege	4776	msiexec.exe
Token: SeProfSingleProcessPrivilege	4776	msiexec.exe
Token: SeIncBasePriorityPrivilege	4776	msiexec.exe
Token: SeCreatePagefilePrivilege	4776	msiexec.exe
Token: SeCreatePermanentPrivilege	4776	msiexec.exe
Token: SeBackupPrivilege	4776	msiexec.exe
Token: SeRestorePrivilege	4776	msiexec.exe
Token: SeShutdownPrivilege	4776	msiexec.exe
Token: SeDebugPrivilege	4776	msiexec.exe
Token: SeAuditPrivilege	4776	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4776	msiexec.exe
Token: SeChangeNotifyPrivilege	4776	msiexec.exe
Token: SeRemoteShutdownPrivilege	4776	msiexec.exe
Token: SeUndockPrivilege	4776	msiexec.exe
Token: SeSyncAgentPrivilege	4776	msiexec.exe
Token: SeEnableDelegationPrivilege	4776	msiexec.exe
Token: SeManageVolumePrivilege	4776	msiexec.exe
Token: SeImpersonatePrivilege	4776	msiexec.exe
Token: SeCreateGlobalPrivilege	4776	msiexec.exe
Token: SeBackupPrivilege	4172	vssvc.exe
Token: SeRestorePrivilege	4172	vssvc.exe
Token: SeAuditPrivilege	4172	vssvc.exe
Token: SeBackupPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe
Token: SeTakeOwnershipPrivilege	1604	msiexec.exe
Token: SeRestorePrivilege	1604	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

msiexec.exedsw.exe

pid process

4776 msiexec.exe
4776 msiexec.exe
3520 dsw.exe
3520 dsw.exe
3520 dsw.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

dsw.exe

pid process

3520 dsw.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

dsw.exe

pid process

3520 dsw.exe
3520 dsw.exe

pid	process
4776	msiexec.exe
4776	msiexec.exe
3520	dsw.exe
3520	dsw.exe
3520	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

msiexec.exe

description	pid	process	target process
PID 1604 wrote to memory of 4688	1604	msiexec.exe	srtasks.exe
PID 1604 wrote to memory of 4688	1604	msiexec.exe	srtasks.exe
PID 1604 wrote to memory of 3520	1604	msiexec.exe	dsw.exe
PID 1604 wrote to memory of 3520	1604	msiexec.exe	dsw.exe
PID 1604 wrote to memory of 3520	1604	msiexec.exe	dsw.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4776

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1604

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:4688

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3520

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x498
1⤵
PID:4676

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5779c5.rbs
Filesize
12KB

MD5
2951e4755f94832de11a56dad6339019

SHA1
2bab9d6b0a68bb326e683e6ed27459c28b7ccd65

SHA256
d49879164e14af59deeea72f89e583e04e88a39422aa9519143a9866f8d5b072

SHA512
250a933cdcbcf9ea9fd0079011a19ec723324c3ba22b80a113a7e78c5eed06308bf7190426df8413bcb6264dd971ecb8639e2ab7bfc876f520642229fb58a13d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
183KB

MD5
e8ab6afc4d1f7c9a28748951dfd49878

SHA1
2b16cf55b0ff533dfa3da2fd1967d8eabea53de7

SHA256
34bb5de8f4c85ded207e669b21adfab1f40fb0c1bb89dd1ca832ebed261d1b9a

SHA512
6f96280bb1314427a88bfbdb64f6638b7d9b725cde81054dcd510aaf1e73c2ae51a6b54913128419c7714192c8afab367fe6254bf6a12c80b26ecfa42ce5f8f8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
585KB

MD5
29d84c491e603bc1a2baa9c554a1d044

SHA1
4b3c64393ef56b5608586414ad582333fe283915

SHA256
7a2c2b468865721b099309f7bc335aeed1523ba43281cc47cd406736ac8b5054

SHA512
f9505925a41336c6c65bb8900280f48dc6d3ce593b432bd06c168a1023046ee35cf6fc0851109a730e222a69638a6af1778eae9f4971b4cf8c1d3579d518e98a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
344KB

MD5
538b2d0a5d2787c1fb92f3144c485ef0

SHA1
e6a5b93643292798878722e7ef4e5eb581ec346a

SHA256
35e49b4a3f03eb4c80603a99d1bc4ea05ab54c8229873e4d3a978e6fa77e6f75

SHA512
2a4db6f8d782dd6660c780966e6d30a7708b4308150806ca9a5d07820dfe5c3cec2b9fedb00dc49292fb3399ac985c1184a7b87911f9f35ee276cea08c545939

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
391KB

MD5
bd71a16afa3d22d485d58fb07fe21a1a

SHA1
51b28f7cc77a2a09a5c3be620380964022146436

SHA256
08f2420cbdfdd50c761f0f30be0dde8662e1f93408f2d7d71a5e8c18c3cd7f0a

SHA512
65f5eacb3d5f570e222eff473ba05e85da36afc96c64a048a84011b6f4ad6cbf7d2933873bdaaaeda1da792a6cd5979ee44c01c366bf50942df6620e3bb3a197

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
296KB

MD5
24b1b98aaca441dbbbd7e086f0e7ab02

SHA1
e923aedfab046fcff7a31f033576e3dad24f84f3

SHA256
98e4dbd260c19c5bf3afdd754303f65f61502122a3ad0bc3ed8a6ee59bc49a7c

SHA512
f6341f6d0d46d3535ac96647d04866c27103a87435d84caa1f4acdf8d3e42978286df19529720a03b4be373def617e84b93c7c2b096aa02f9ec10a7dab32840d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
295KB

MD5
60304d3b6b85b64ada55683a78ee2894

SHA1
40d970a60228e3105428fdf298d320d0462997a5

SHA256
c7267f4982c338891b43dad91f4c93c52ed979bcd7f00341775e7432c1ae48c9

SHA512
479e2402d756ec1cb61ca68074057a2706acb97ce8ee00c3e628e843f16ac40bd61baf27f1254c5ccb4623c59df6a32945c3ebaa49c8d24912059ee2b5f9d3d7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
383KB

MD5
7090c7c4a10f1e763e471ff794c07fbc

SHA1
eee208dced614e6ab2f841d94ea74b0f0d6a8a43

SHA256
44fe744dc26a4455811c86738d568126eb0ba9580adca2703804d03526760c3a

SHA512
c6c57a1c907db7353956510479a7b6dba94c24f16a302aeec105c1d778900e3d80d29ef246afcff26856e94970a3f45b3cad1d5a43cc25b2c888fa3a3df0eb17

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
854KB

MD5
04cb9f33d9a854cd49badf1a26c4bdbd

SHA1
1498e6dfd9e4b79d9b537511981c3295d37a7013

SHA256
c7cd06c4d7c7ccf46e60270d59c442e8100c9b1f5a76e76979a0f4affb58d4f2

SHA512
b9496a4ba3af69f8b480a4676ddda5a72583c3dade4a2108f3c28a9c269351283ba332aa4cb821fbaf77edf3694ec1b300ce547a4e740a9c630d70bd1a31f89f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
661KB

MD5
a5da2ed45d4131e08665f76fed925f96

SHA1
9c8060bb1ddab3203721198ae8fb25415701df6c

SHA256
7eb158fff59729819577dce277c4f44de4551f8ea09a8edcd11eed5b237c526d

SHA512
63199af851f9596e8ed82c9cff728699d74adb711241dff064262f8d3315746840056a4914cc361843516388b1264fddfee95310e069b71f41ffe4d50d87433c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
23KB

MD5
8630b25bf4206be33728b92827eaa9b7

SHA1
30ace4adbf807289064d090f2bbee58ceb526ac7

SHA256
0e177c8d9d3cfadafee51e3e8d7048ccb41c7c9cabd99257daa304b626f7515f

SHA512
461a746352a91864f63b6f83d64b14d5a0040e6998a5b658ac3a1ddc89fac6b3b195b74a527281656407596eea6a26ee0d0e0950121018a9468fa5d1818ce1b6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
694KB

MD5
e65681d8df633f3e378fc5f066346fa1

SHA1
636d039a3d279e5d6ce9afa7395aab876c01250a

SHA256
cb56fa07c139df9a1549196ef89dac9d1302b3c84cec836dee40a110e3bb9c08

SHA512
ce5df07ee1b86e99ccc344ae18b08cc609a358ea088033424cee9f90a1875664ff118013c28c2dc770cc71c6a12d920ae7ee04fbfad3e9ec8d06466880bdb956

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
636KB

MD5
4e7934c043eabefa1aeb37a459b959b3

SHA1
17a52c81a8281ab76c0745f0bf647d2ac54897df

SHA256
48a6140e2f6e07c31851f82127b150956042765b58c1222bd89af9f3eea702ec

SHA512
4eec51e8e708b355aced2653212ddcc9061b8a4e64dcf46d68904a4137b7c85f522e428f6d0b2792a86c495015d57863a914fdf6294da48548e05634de96c614

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
Filesize
64KB

MD5
5182cfb12cd17dac9e8c371ce8e25e5f

SHA1
78aa6bd589ba7da16da7dedca791a5101ae46c58

SHA256
56680aa661e650d387f410db85fcbccd748b0d1ff6574257f9500662a29ba0f9

SHA512
e29b06b2c132bf40490e3ede7c2b43212f47662990e925db6f34773da7193d6fec7b1a2b3073e87222b853e7eec12d0d79f80b75725dd032a98b4c75f38ca439

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
Filesize
77KB

MD5
1be3c1262d06acbce1400889c28234d5

SHA1
1a5f3c89afc83b468e14451b94b2d6e916533b33

SHA256
8c7537d764b0533731143841e9075bf8c640838df6955b180fad90a54bf567c5

SHA512
78616089f5969e8d924f0e7f512d222a8e023307f01a3e8f250f4a07e38cb4afd1908023e1375a2d46c41f19e0ef33ba8bec97317d16f4e068ea2ec4e6d17ddb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
168KB

MD5
9cf887b886af7c897e8cafe5dc70afb7

SHA1
98bb097b998dff54a1aea8917c236db17c0a9aef

SHA256
819702b3ed0647beac115c5a601fb8372d67633a8be4099b8b5360d22f9572f5

SHA512
d7f790d95bee1dcb5a3ae62c6a85fe7b36ab357fea83862a21e3a31ca1e27cfc9d46e4c6def80c7d439c30e93235141e1e3efdd84e77b8a87af06fa5b7ec24f9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
336KB

MD5
6d375e8ba7af357bd13bfcc5cd08e49e

SHA1
f73ec8dab6264fc67c2b216bc9df62b28f3c3945

SHA256
deeb3a5b6bd7f3cdbfa420c28d76645366284a3a57e2dc63ce7850a9ae155ade

SHA512
1d3b44174eb624389a781f4e41eef7e2f055a4b51ed1c26fcd551357bd642e3e22b3087a558948ac5c6b34afeb8c8ffcbb5f85ecc2581dd5d0b01712b74a827c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
57KB

MD5
9f6c96fff7958530c9891017557b7da8

SHA1
c4fc536d83d06915b72c9805a653c901b402b24e

SHA256
0a7c1820e4c66a7d79164e7850e46fc38e9938d030f81d1eca23387fbd49effe

SHA512
96c3b59c4e4e117ec66efa49c2a7b8b07082aafce67c075de0811f2c25d4c2b9d091bfd722a4c54de5d21f52759da6acceaf897d41e4008c9a84c149b1cead7e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
65KB

MD5
81e242f512d2f2beebf4792479f1287e

SHA1
b270d1c42576e27e6965d9bd8cfe8d108cd2e2bd

SHA256
730963841d3a312cc09ff35585ad9f735ed5dfde3a0a6efe02014fd165e0e7be

SHA512
ca5040dc20170eb1e60b5bb0b308dde2f5439fde42618a3cc805ce1753e27e97055139803ef07500288f47b7737e69e28a62decc47ec32c5b3d168e484c2d721

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
Filesize
385KB

MD5
c14003b894a19f0eccaf196cdb1b740e

SHA1
b33345f8653e124f0ce416b60475564470772593

SHA256
123e39a6cf5263742333ab9968914f79d6ec7277e2e27e7b498073f842bfa2e1

SHA512
b0d6710cdae85fca7e00c99ca0ae90a698ea760210b9f94f5804578c08dc248945c1905dbd13d93e452a67651cd20bb614b286231d219495e5854154a85a8381

Download Submit
C:\Windows\Installer\e5779c4.msi
Filesize
289KB

MD5
3723f786d4fff9dbe179f2eb7c722118

SHA1
5773fa9085d04aa043a8289fd217f885824a3165

SHA256
e73fd512913ef6405cdd7f41057b3fa5f116ffca972da4c8fe8631d8c0a7db60

SHA512
5b9717f0cfcd66e9cda8a33ca119f3f947fd6881b15a31366986f78acdfe6084a6fff6f95b579930a16537c65500c052c588f506dc015f052e49092b88333d70

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
2.3MB

MD5
96c606ec97aa906737d2d5401dccbe1d

SHA1
87ca3e90cce3bd3b58781fe0d9a38dae8815843b

SHA256
3350ce1f0deb3d979dedfd48143fe9a69969bdddd3eba31856222bc560aaea10

SHA512
0979f42cf0f038f7775a2fb412503945f5d09ee8a35a195e90a178256035f134395be2f228cc052ccfd4cf118f7019f74edf98797a7776b0a90bd26caed0ce23

Download Submit
\??\Volume{6479dd83-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{692bc860-7961-4659-b081-69a5a0fc47c6}_OnDiskSnapshotProp
Filesize
6KB

MD5
87125b19052c3c5468e6e348f4979f6c

SHA1
b256859be4f57832776c22cb69e6a2168dde1ab7

SHA256
e36d4dccb01541944e6d5f8dba41c13cd45a90cb65abdbfbf93b50f685aae358

SHA512
c9640f3ad760ab3153fbd47ac1d44520144aa1fce0ee5cfbb5db8557e39b4e8eefe59eb9a81072e07fe601d1482c0b88278cdff48e695d835c98cfea855454dd

Download Submit
memory/3520-84-0x0000000000E60000-0x0000000000E64000-memory.dmp

Filesize
16KB

Download
memory/3520-110-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/3520-108-0x0000000074CB0000-0x0000000074DD5000-memory.dmp

Filesize
1.1MB

Download
memory/3520-82-0x0000000000E60000-0x0000000000E64000-memory.dmp

Filesize
16KB

Download
memory/3520-112-0x00000000039A0000-0x0000000003A2B000-memory.dmp

Filesize
556KB

Download
memory/3520-98-0x0000000075260000-0x0000000075284000-memory.dmp

Filesize
144KB

Download
memory/3520-99-0x0000000000E60000-0x0000000000E6D000-memory.dmp

Filesize
52KB

Download
memory/3520-89-0x0000000075650000-0x0000000075683000-memory.dmp

Filesize
204KB

Download
memory/3520-97-0x00000000014A0000-0x00000000014B7000-memory.dmp

Filesize
92KB

Download
memory/3520-94-0x0000000000E60000-0x0000000000E65000-memory.dmp

Filesize
20KB

Download
memory/3520-95-0x0000000075200000-0x0000000075236000-memory.dmp

Filesize
216KB

Download
memory/3520-93-0x0000000075580000-0x000000007558E000-memory.dmp

Filesize
56KB

Download
memory/3520-91-0x0000000000E60000-0x0000000000E6E000-memory.dmp

Filesize
56KB

Download
memory/3520-121-0x0000000003E60000-0x0000000003EA0000-memory.dmp

Filesize
256KB

Download
memory/3520-119-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/3520-87-0x0000000001480000-0x000000000149E000-memory.dmp

Filesize
120KB

Download
memory/3520-86-0x00000000755B0000-0x000000007564E000-memory.dmp

Filesize
632KB

Download
memory/3520-83-0x00000000752B0000-0x00000000752D8000-memory.dmp

Filesize
160KB

Download
memory/3520-81-0x0000000075690000-0x000000007569E000-memory.dmp

Filesize
56KB

Download
memory/3520-123-0x0000000003E60000-0x0000000003EA0000-memory.dmp

Filesize
256KB

Download
memory/3520-124-0x0000000003E60000-0x0000000003EA0000-memory.dmp

Filesize
256KB

Download
memory/3520-125-0x0000000003E60000-0x0000000003EA0000-memory.dmp

Filesize
256KB

Download
memory/3520-122-0x0000000003E60000-0x0000000003EA0000-memory.dmp

Filesize
256KB

Download
memory/3520-78-0x00000000756A0000-0x00000000756ED000-memory.dmp

Filesize
308KB

Download
memory/3520-75-0x0000000001190000-0x0000000001473000-memory.dmp

Filesize
2.9MB

Download
memory/3520-128-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/3520-127-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/3520-126-0x0000000000E60000-0x0000000000E64000-memory.dmp

Filesize
16KB

Download
memory/3520-129-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/3520-130-0x0000000001190000-0x0000000001473000-memory.dmp

Filesize
2.9MB

Download
memory/3520-132-0x0000000074CB0000-0x0000000074DD5000-memory.dmp

Filesize
1.1MB

Download
memory/3520-131-0x0000000073AD0000-0x00000000747F3000-memory.dmp

Filesize
13.1MB

Download