babadeda | 75f193ede0c901a7898b88ec92096f151bd1dd4f5bcd45e80047d5e35fb38a55

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipPlusCommunitySetup_ns.msi
Size

17.1MB
MD5

b82ada91e8742234257d9cad38deebfe
SHA1

d1278efa9729f955de1dbfcfe53550e67212ff9b
SHA256

3c8a05c5e2b599db85700ff9334a778efd2a99f6b4a1852aa0c129ba6039f834
SHA512

676d29697382b1375c7da26fcd6af20a7c5fb9f0f506c951c7280c7da12778d40fcfb1ef50653628123edf6cba8308d43a4945489a5f6b58e67dcc61d6fd373b
SSDEEP

393216:bnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vhp:wbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIn/

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav	family_babadeda

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF760.tmp	msiexec.exe
File created	C:\Windows\Installer\e57f59d.msi	msiexec.exe
File created	C:\Windows\Installer\e57f59b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57f59b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Executes dropped EXE 1 IoCs

Processes:

dsw.exe

pid process

416 dsw.exe

Loads dropped DLL 19 IoCs

Processes:

dsw.exe

pid	process
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe
416	dsw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000237a6c0e57fb805f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000237a6c0e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900237a6c0e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d237a6c0e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000237a6c0e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

4220 msiexec.exe
4220 msiexec.exe

pid	process
4220	msiexec.exe
4220	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exevssvc.exe

description	pid	process
Token: SeShutdownPrivilege	3572	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3572	msiexec.exe
Token: SeSecurityPrivilege	4220	msiexec.exe
Token: SeCreateTokenPrivilege	3572	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3572	msiexec.exe
Token: SeLockMemoryPrivilege	3572	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3572	msiexec.exe
Token: SeMachineAccountPrivilege	3572	msiexec.exe
Token: SeTcbPrivilege	3572	msiexec.exe
Token: SeSecurityPrivilege	3572	msiexec.exe
Token: SeTakeOwnershipPrivilege	3572	msiexec.exe
Token: SeLoadDriverPrivilege	3572	msiexec.exe
Token: SeSystemProfilePrivilege	3572	msiexec.exe
Token: SeSystemtimePrivilege	3572	msiexec.exe
Token: SeProfSingleProcessPrivilege	3572	msiexec.exe
Token: SeIncBasePriorityPrivilege	3572	msiexec.exe
Token: SeCreatePagefilePrivilege	3572	msiexec.exe
Token: SeCreatePermanentPrivilege	3572	msiexec.exe
Token: SeBackupPrivilege	3572	msiexec.exe
Token: SeRestorePrivilege	3572	msiexec.exe
Token: SeShutdownPrivilege	3572	msiexec.exe
Token: SeDebugPrivilege	3572	msiexec.exe
Token: SeAuditPrivilege	3572	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3572	msiexec.exe
Token: SeChangeNotifyPrivilege	3572	msiexec.exe
Token: SeRemoteShutdownPrivilege	3572	msiexec.exe
Token: SeUndockPrivilege	3572	msiexec.exe
Token: SeSyncAgentPrivilege	3572	msiexec.exe
Token: SeEnableDelegationPrivilege	3572	msiexec.exe
Token: SeManageVolumePrivilege	3572	msiexec.exe
Token: SeImpersonatePrivilege	3572	msiexec.exe
Token: SeCreateGlobalPrivilege	3572	msiexec.exe
Token: SeBackupPrivilege	2376	vssvc.exe
Token: SeRestorePrivilege	2376	vssvc.exe
Token: SeAuditPrivilege	2376	vssvc.exe
Token: SeBackupPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe
Token: SeTakeOwnershipPrivilege	4220	msiexec.exe
Token: SeRestorePrivilege	4220	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

3572 msiexec.exe
3572 msiexec.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

dsw.exe

pid process

416 dsw.exe
416 dsw.exe

pid	process
3572	msiexec.exe
3572	msiexec.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

msiexec.exe

description	pid	process	target process
PID 4220 wrote to memory of 3140	4220	msiexec.exe	srtasks.exe
PID 4220 wrote to memory of 3140	4220	msiexec.exe	srtasks.exe
PID 4220 wrote to memory of 416	4220	msiexec.exe	dsw.exe
PID 4220 wrote to memory of 416	4220	msiexec.exe	dsw.exe
PID 4220 wrote to memory of 416	4220	msiexec.exe	dsw.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ClipPlusCommunitySetup_ns.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3572

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4220

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:3140

C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
"C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:416

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57f59c.rbs
Filesize
12KB

MD5
f7e405fb2664ebef16f946fe1cf774f9

SHA1
30b7e560f769f8d002f62542ec8b21f095670610

SHA256
b442824665b9ea616e694047f8e15f73c8186da00f4a9fc2b0d344ea8753d8fa

SHA512
06aeb6aa3679a446a888de82983f2e0e60e78dfbb675eb9fc1f41fcc4b17e335a9e35254a09906dc6d2d79e8f6ae6e8ce6223531de9cec88747b8b49e86f839d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll
Filesize
12.9MB

MD5
438e94a331161185f536b61659d139dc

SHA1
440dde2a6b12019187e49e7d5af4daa8d3b5fa47

SHA256
12696df60e4252ae4d44c546ac709acb28341813c35125d2c66f1895c9e78539

SHA512
599ee201e6e1718d66074a99e50bbc0c95b8ce012d143da971ee8fd90fa03be5b739e690e3eb8148d98bedd7776d138409acfeb99601286500251fab4537aa4a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll
Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
3.9MB

MD5
9ee6224077521a6a2d5dfc52adfe67bc

SHA1
baa53f7b3d652f134417aeba63792a3343c534fb

SHA256
f5bf854e113b39dcdea935f7b9eb0d09a7ab01a26b0578bb4fb470aa5ecbd914

SHA512
8ba024fc6856fd36dad5fd34b1c760ae3741a61fa91e81b581c0434effb49cab8c7c14e05887cd09313336eb59cad73b7ab341a0e27d6b4435e17e7e8fc4d003

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll
Filesize
5.2MB

MD5
50e612a7a5769e9caffdc62088f09a74

SHA1
6e476d7a88a1b004195707fc31c343863a179922

SHA256
81ecd1cbc75929d27d7c05e6004f7d9a4e5fb0f7338e7a6396809e835f08f4ce

SHA512
c25e7becfde9dbd81bb0838f4f2d43cdd1f5869d866a978b0c06a347d6a09c501c7e9b6c8a094012f9018889ddacab24e7f42ce5bb03416b15a21ae392a3949f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll
Filesize
4.9MB

MD5
b38c9b2b76254fdf958769db2b9242a8

SHA1
b6374308a0338aac7509fc547e07908b98800625

SHA256
4dc4b7fcab02e7c53f69e5ec59eeff60be22bc1a7ccc7f0ef9828c9e3090fc91

SHA512
40d7bcc8f13a8a5f98843d10a92518e54279ed56ca010dddf5efe1a75c49703bc0bcdfa575e856adc0853cbd03b0ecf1ee0ff245671c0eed555ccc31ab6d2ef9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
768KB

MD5
50f986a346bd989233c7b5929b7bb678

SHA1
5226dd1a18db827f8b35e5177cd86fed03db71a1

SHA256
05e9f41129e1d99bceb0f4ae48dba760d5cb0afdcfa657ffdb0cdabf4cb9d867

SHA512
c7160f99b8fcfa9938149048f020f42be84916671d5c306a4ae34787922b76675d3fa9b3d052060fe760fb68bb218f1034760d13f2ad183762d424023cd6cb44

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
512KB

MD5
1f9e50f804f34eac74493d38a2969005

SHA1
5b0e57ea4ecb180cab805ecfb6c7df04da89009a

SHA256
2fe8bbb3e55b255b850efa2a6f8c7f3d05711e848c41def82f8ef2245eefb72d

SHA512
1621149fa51dc7e3f6c55a4de9d4576231d647e4dc84744cc6dfd29fb0af9a8c3dab9343d0bca9aa83c15647782b9dcfe0376f19973838c188f5b46b2c485639

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll
Filesize
384KB

MD5
1de1bc22b5555301ffbf71250322ed45

SHA1
df2f0ca480c8d744e77c0030e8336bb41964b918

SHA256
b34d4531c553373e430ea52a9c1b9ce1a5e9c1930ec15122a465a588151687ef

SHA512
a9d80659070fd734165e9f3e61a201e509bd33dcb4474ee0902d225db984d39fa883bdf2c25f4ddaa9feac1d261fbcbeccb0e6438ecfdcc6a959062bfdaebd16

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll
Filesize
1.1MB

MD5
658276a6bf6c17511f54254d56cd9022

SHA1
b9af3a23d41aa2bc2bf1f269e0deb8749896c584

SHA256
19b5b1a7be78f20a509b6283d89498f038a74337b803369cb37077e1ebb5fa2a

SHA512
4de906a5637512b40f91d49c798d2c2cea429077b53a7ed6e8eceaa6f0a1f56dbea1085c1a5afeeb689fd0c049d9041064c3d262a43b513f2288967292222fae

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll
Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll
Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll
Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll
Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll
Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll
Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll
Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll
Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll
Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll
Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll
Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
7.4MB

MD5
63c5b96b43e63c2fac1697fbe936e227

SHA1
898f30fc375882e977427cce521c88002146ddd9

SHA256
25051ff2c23b8efa5e2a9fc6226aca4975d7a6de165e1c0c04a7756469fc2c02

SHA512
b6495d6bebc3c73098826466786622fce587807dd3ea2978471db6aa2b05666c5bda5e9cc63686a2ace0def0e9f6115d05a79a28a27970ca9074fbffd7789416

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
Filesize
2.0MB

MD5
0e8ad093cf9434303d693c25747869a4

SHA1
4b0faa78cda9a49107ececdb33d9e97cdd7ea958

SHA256
0e9558526b01c45be378dd4f30f707186697194720a6adaac7612dfb8387eb51

SHA512
46b77060ce1f0d11e492d7dbcc676a75ee621bb86a9d9dd912f9c82d5808ec0eae9521c2beb257045761b92b58453fc5c772727c42df6bb7b3bae963f3cad89d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
320KB

MD5
50c8771e25777a3809386f0f0eb28fd8

SHA1
c7f1ef1280d699546972de1c541bca1004190efb

SHA256
c7db4dc62295a631880fa78a55e273d7bb7f5db7718e2219bfa34d4d5884e66b

SHA512
e5ec58452038d746e69c901a5d6dfc73d6e65919f0558d980d2f5681d6719ae92a2817f55d75d5ee9ead31258dc6445aca9e5c869fad0a92f02f916fa0f5e344

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll
Filesize
256KB

MD5
8b0597ea7af654de134a9fce80a6be71

SHA1
698a57e3c7c5e3792455a51eaf0b43428ee9e472

SHA256
1e5fc56cc7484b2d02c7bd38ce8609dfcd57bd70170dc1703ed5a182f1601e84

SHA512
e7b7327b9c498356b6edebb9b6e0a3c64919ff22a5c3e891959f14f28fd6962ba6d8a5e5011d7883718aac8d613e13f6d6bd580c22b194de8cffcda47d728cd0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav
Filesize
1.8MB

MD5
3978c2550c1e450c0b817854b69b3b82

SHA1
e0db6cb3d7182d16374db7fe6ce15ae7db3346db

SHA256
05a61eb335bf99882924caa6bff364811fda63efb3b76d23665e09b50835f1f6

SHA512
164e3c8922fd8fe2b8be0313e89c17840130946c1d73c7ebf3c7267f944b1a0cbe1517baa0f0e9daf0cf5f802caab6a231c9c412ebcb3111da8fa7f540622a08

Download Submit
C:\Windows\Installer\e57f59b.msi
Filesize
1.2MB

MD5
45b58747c5f7d43298a7f2e3ed36f7f8

SHA1
d164a5bcc434702f2ccbb2c262d7927af2f9a061

SHA256
8b76155e481e601ca7c178bece3b0af153008eb918817fa0f2e7cb4eaad4b366

SHA512
465ee4ff653627278e9e0c2dea7dae86f780cdd657a42deeaec65c2d6e114e6c781af5a00db48ea068a447f7ad37e8b2a9e5b1e8c8d12436ff80eda519743aad

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
23.0MB

MD5
440a266e7f330ffb560b9ae681ffb7e2

SHA1
f6ea2b7694a20fba1a808f88cf7d4f8d54c1de65

SHA256
f2ec0bcf53fb15832ebdc9403a7f8a5fea33fa4fe45bbba295884561ca2787c7

SHA512
781d53ecd18255ed95ab6f41e3018fddfa34fffb3eb6698320a5f64f23eccba47b80213fa12d8804b8043397f6c6fda441854202e546e32072ba94af934a8659

Download Submit
\??\Volume{0e6c7a23-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{05dc9949-6e38-4235-aec8-cd66a38e7a0f}_OnDiskSnapshotProp
Filesize
6KB

MD5
931c3dfe0495ffa40193ffcc83c43074

SHA1
7c1236083d1f27bb23780c7abf278990f623d2ed

SHA256
d2d280c446be8430329b597be175d610eedbf8a52219efca00eb99d24433aec0

SHA512
6b5eb11227464a9556278b2e732d31daeb54d9fab753c4d5d0dc08b8d87859143da904be8d66953b157222e5baeea36b7364658e3d026535792e6f473f4e6748

Download Submit
memory/416-76-0x00000000758D0000-0x000000007591D000-memory.dmp

Filesize
308KB

Download
memory/416-111-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/416-92-0x00000000757D0000-0x00000000757DE000-memory.dmp

Filesize
56KB

Download
memory/416-94-0x00000000754C0000-0x00000000754F6000-memory.dmp

Filesize
216KB

Download
memory/416-95-0x0000000000E60000-0x0000000000E63000-memory.dmp

Filesize
12KB

Download
memory/416-98-0x0000000001490000-0x00000000014A7000-memory.dmp

Filesize
92KB

Download
memory/416-99-0x0000000000E60000-0x0000000000E6D000-memory.dmp

Filesize
52KB

Download
memory/416-97-0x0000000075490000-0x00000000754B4000-memory.dmp

Filesize
144KB

Download
memory/416-89-0x0000000000E60000-0x0000000000E6E000-memory.dmp

Filesize
56KB

Download
memory/416-88-0x0000000075880000-0x00000000758B3000-memory.dmp

Filesize
204KB

Download
memory/416-85-0x0000000000E80000-0x0000000000E9E000-memory.dmp

Filesize
120KB

Download
memory/416-86-0x00000000757E0000-0x000000007587E000-memory.dmp

Filesize
632KB

Download
memory/416-108-0x0000000074EF0000-0x0000000075015000-memory.dmp

Filesize
1.1MB

Download
memory/416-80-0x00000000758C0000-0x00000000758CE000-memory.dmp

Filesize
56KB

Download
memory/416-82-0x0000000075440000-0x0000000075468000-memory.dmp

Filesize
160KB

Download
memory/416-93-0x0000000000E60000-0x0000000000E65000-memory.dmp

Filesize
20KB

Download
memory/416-84-0x0000000000E60000-0x0000000000E64000-memory.dmp

Filesize
16KB

Download
memory/416-114-0x0000000003DA0000-0x0000000003E2B000-memory.dmp

Filesize
556KB

Download
memory/416-81-0x0000000000E60000-0x0000000000E65000-memory.dmp

Filesize
20KB

Download
memory/416-121-0x0000000000E60000-0x0000000000E65000-memory.dmp

Filesize
20KB

Download
memory/416-120-0x0000000000E60000-0x0000000000E7D000-memory.dmp

Filesize
116KB

Download
memory/416-122-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/416-123-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/416-124-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/416-125-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/416-126-0x00000000011A0000-0x0000000001483000-memory.dmp

Filesize
2.9MB

Download
memory/416-127-0x0000000073D00000-0x0000000074A23000-memory.dmp

Filesize
13.1MB

Download
memory/416-128-0x0000000074EF0000-0x0000000075015000-memory.dmp

Filesize
1.1MB

Download
memory/416-79-0x0000000000E60000-0x0000000000E7D000-memory.dmp

Filesize
116KB

Download
memory/416-73-0x00000000011A0000-0x0000000001483000-memory.dmp

Filesize
2.9MB

Download