babadeda | cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi
Size

17.1MB
MD5

eb64b1dbb38961bdb4c0f4b724b1ed3d
SHA1

a375bc847388cdddc6cffd57dc7f0c3d6be72cdf
SHA256

cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d
SHA512

5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7
SSDEEP

393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Score

10^/10

babadeda lumma crypter loader stealer

Malware Config

Extracted

Family

lumma

https://telldruggcommitetter.shop/api

https://secretionsuitcasenioise.shop/api

https://modestessayevenmilwek.shop/api

https://triangleseasonbenchwj.shop/api

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 1 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023228-107.dat	family_babadeda

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Blocklisted process makes network request 1 IoCs

flow	pid	Process
11	4964	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E8907531-0946-43B7-A05C-D15D055BE638}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA45E.tmp	msiexec.exe
File created	C:\Windows\Installer\e57a25c.msi	msiexec.exe
File created	C:\Windows\Installer\e57a25a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57a25a.msi	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
4804	dsw.exe

Loads dropped DLL 19 IoCs

pid	Process
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000007667065a040ee7130000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800007667065a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809007667065a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d7667065a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000007667065a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	msiexec.exe
2816	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4964	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4964	msiexec.exe
Token: SeSecurityPrivilege	2816	msiexec.exe
Token: SeCreateTokenPrivilege	4964	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4964	msiexec.exe
Token: SeLockMemoryPrivilege	4964	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4964	msiexec.exe
Token: SeMachineAccountPrivilege	4964	msiexec.exe
Token: SeTcbPrivilege	4964	msiexec.exe
Token: SeSecurityPrivilege	4964	msiexec.exe
Token: SeTakeOwnershipPrivilege	4964	msiexec.exe
Token: SeLoadDriverPrivilege	4964	msiexec.exe
Token: SeSystemProfilePrivilege	4964	msiexec.exe
Token: SeSystemtimePrivilege	4964	msiexec.exe
Token: SeProfSingleProcessPrivilege	4964	msiexec.exe
Token: SeIncBasePriorityPrivilege	4964	msiexec.exe
Token: SeCreatePagefilePrivilege	4964	msiexec.exe
Token: SeCreatePermanentPrivilege	4964	msiexec.exe
Token: SeBackupPrivilege	4964	msiexec.exe
Token: SeRestorePrivilege	4964	msiexec.exe
Token: SeShutdownPrivilege	4964	msiexec.exe
Token: SeDebugPrivilege	4964	msiexec.exe
Token: SeAuditPrivilege	4964	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4964	msiexec.exe
Token: SeChangeNotifyPrivilege	4964	msiexec.exe
Token: SeRemoteShutdownPrivilege	4964	msiexec.exe
Token: SeUndockPrivilege	4964	msiexec.exe
Token: SeSyncAgentPrivilege	4964	msiexec.exe
Token: SeEnableDelegationPrivilege	4964	msiexec.exe
Token: SeManageVolumePrivilege	4964	msiexec.exe
Token: SeImpersonatePrivilege	4964	msiexec.exe
Token: SeCreateGlobalPrivilege	4964	msiexec.exe
Token: SeBackupPrivilege	2624	vssvc.exe
Token: SeRestorePrivilege	2624	vssvc.exe
Token: SeAuditPrivilege	2624	vssvc.exe
Token: SeBackupPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe
Token: SeTakeOwnershipPrivilege	2816	msiexec.exe
Token: SeRestorePrivilege	2816	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4964	msiexec.exe
4964	msiexec.exe
4804	dsw.exe
4804	dsw.exe
4804	dsw.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4804	dsw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4804	dsw.exe
4804	dsw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 1204	2816	msiexec.exe	103
PID 2816 wrote to memory of 1204	2816	msiexec.exe	103
PID 2816 wrote to memory of 4804	2816	msiexec.exe	105
PID 2816 wrote to memory of 4804	2816	msiexec.exe	105
PID 2816 wrote to memory of 4804	2816	msiexec.exe	105

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4964

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1204
- C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe
  "C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4804

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x2ec
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57a25b.rbs

Filesize
12KB

MD5
11c83f77380187474f15b0517041a5eb

SHA1
3bd47d95bebe7f81ee6367b45ca0880f439bd38d

SHA256
53f96150eb08278eb79e4d158db2c7e3628dce081b71437fa1fbf0d2bd73f9c8

SHA512
9e77f237f38178f33b959e412673f7e8f9850e2c83d21728e291e55b1431ed40f43b0c5941b818a28669f4a0b646e96dd98fc4f73b8a29d1834988a1dd2583a8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
5.9MB

MD5
819b3ca01fca1dee00493a8a9c41d8ab

SHA1
3e5ecf4035e51c673800daed18d8c63948d2e919

SHA256
e8ff65b38667a0bf37e3bc6878d5ae19bd232a9e88c19993627e46942b7205de

SHA512
16d859155955840aa13041c4fc76d7aa1aa5bc7d1e728ca429841f2ecbffec9f10e29f16698633f9edc4f7715ef5e13014e1d38532fc079439f8afacd63488e5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FilesystemDialogs.dll

Filesize
4.7MB

MD5
c5dc102852ff5103b1608f9b3f1f5d94

SHA1
03f670ea4ce8f0b859b3625f72fd020ad4113c7b

SHA256
88c1e9997cdc38462c697ff1d42b75613b9346b9625e08978c77335f1ba63efe

SHA512
1c09989efd037ead5261d1323b08c0a1057a6ec9238efaeee926b60bb02984eb674d6d52dacfa0ebffc910e5174c3679ad092cc5c2b752b2d67c1d53336a7f3c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\Fluent.dll

Filesize
379KB

MD5
e98f595caa5ee23e8a3e46d83211da9d

SHA1
a7ef9e7c3eddaa7b82acb7eba7a2c88a70bac017

SHA256
df12ced54ee1dd73b230be239fb2ffce141bbf4ff979fb33ebb153a0bda88a1a

SHA512
e777a5ace5ecef10ae051df02a443279af5f28a1e996905774f574ef8679363ae78db064ef6eb7c3f77dd87284cc0d070b1fe54b422f9ae0a2240286a9541938

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
768KB

MD5
557a907d86fe402237871060d337b291

SHA1
e7b31075ba4c0bccfece2b1074eff227f7895228

SHA256
2d7ca3d75e390c6a68b15a1e917de5567f19bd3ccfe3bca0ba9de73ecce6fd14

SHA512
fb31f6f759edab0ee8d21b14b7925b0af889f579e250984e099e2cbd01cd83e7fca36a37cf6db10d29f2375357f1700f6cde8a57f9ae17fee775204e20a7cc39

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\FreeImage.dll

Filesize
320KB

MD5
0b1397a7aba086e84e1df964889f1205

SHA1
024dc459b897358265a463ec2366a40c34dcc29d

SHA256
5ba60395f8e944c12d46704d108f00e2c7a56167101233fac8081dab0c4bc715

SHA512
70647a1b9466053e8ad3f856f1c45d6a21ad023e47aae6ece4151befd43239c356cac1aebb2fdb22344b3dd09607aeb6709d5cd44dc05efbf0467974086b70dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
4.9MB

MD5
b38c9b2b76254fdf958769db2b9242a8

SHA1
b6374308a0338aac7509fc547e07908b98800625

SHA256
4dc4b7fcab02e7c53f69e5ec59eeff60be22bc1a7ccc7f0ef9828c9e3090fc91

SHA512
40d7bcc8f13a8a5f98843d10a92518e54279ed56ca010dddf5efe1a75c49703bc0bcdfa575e856adc0853cbd03b0ecf1ee0ff245671c0eed555ccc31ab6d2ef9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\MediaInfo.dll

Filesize
3.8MB

MD5
1f60cb8ccce403328fc3df6b51d64f7f

SHA1
e4d90723414d16f086f74d0dd7dc52aac07fa76a

SHA256
fce99709ea2345d11ccfdcf0d75210f1c3562c1b994cffa3725e3582c0b7aa33

SHA512
9666ad6a3cef7caf23ba9c400c90efd8a6b88577b9715f5885f7fdf3fd35e659ab441565a97c5923a25baee269087a86bade0f679e0180704a5af6efca08ca63

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
768KB

MD5
50f986a346bd989233c7b5929b7bb678

SHA1
5226dd1a18db827f8b35e5177cd86fed03db71a1

SHA256
05e9f41129e1d99bceb0f4ae48dba760d5cb0afdcfa657ffdb0cdabf4cb9d867

SHA512
c7160f99b8fcfa9938149048f020f42be84916671d5c306a4ae34787922b76675d3fa9b3d052060fe760fb68bb218f1034760d13f2ad183762d424023cd6cb44

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
576KB

MD5
8005704e351f0d05bea84099b3b666da

SHA1
accd08a194e90d4a9036019c420aa2825ca7e7b1

SHA256
c2934ec2b9fb41a32e2693196f1e3ed794f145bcb4576154dfbc88a99f07e00d

SHA512
ef4a0fce1a90292b65f8a1282bd604a0a345c3cf2e5a7f0ac5b16547b91dc5c0e737bc75d9c17a64880930ebdea4df878399f4353b535c4b0b155626180bab8c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\SampleDisplay.dll

Filesize
448KB

MD5
b3078233c30f19b243044b01179eae8a

SHA1
179e32d03b9217cf646c89a56020aac14b03b3f3

SHA256
73674f192c0a1076a70f6a6554f8fd5570f98fec809b1c0550ddf1747020d646

SHA512
7243021181d8927f72d15c5091367299ad5ab62a14a1eaf5462f4a45cd1de768c33237d643646841671f74ad5e8735368b94c7588009fb45914f4febd0b2c8fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\WinSparkle.dll

Filesize
128KB

MD5
9d34d205adbe5780272ba81f95df4229

SHA1
e0d19b646225e02def1fa310612bee5ebc5ce76f

SHA256
364a54ba0a147057961e4340828bf2dce2c278e24361bb0a1001c6e8100dec9e

SHA512
c08f59416b64fea5053ccaca01671898508daf9d621dfb8071b2382b053ef15f8947d7bf1ccdc92321ed638abaf89787dcbfc7bf8298b63a220e97228c23c077

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass.dll

Filesize
135KB

MD5
8e58fcc0672a66c827c6f90fa4b58538

SHA1
3e807dfd27259ae7548692a05af4fe54f8dd32ed

SHA256
6e1bf8ea63f9923687709f4e2f0dac7ff558b2ab923e8c8aa147384746e05b1d

SHA512
0e9faf457a278ad4c5dd171f65c24f6a027696d931a9a2a2edd4e467da8b8a9e4ab3b1fd2d758f5744bf84bece88c046cda5f7e4204bead14d7c36a46702b768

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_fx.dll

Filesize
67KB

MD5
d8ccb4b8235f31a3c73485fde18b0187

SHA1
723bd0f39b32aff806a7651ebc0cdbcea494c57e

SHA256
7bc733acc1d2b89e5a6546f4ebc321b1c2370e42354ea415bc5fcc6807275eba

SHA512
8edafd699f9fbec0db334b9bc96a73a9196895120f3406fff28406fd0565415ac98665c9837a5b1e0c5027162ff26bf3a316ecda6a0b51d92eb5d7002b814713

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bass_vst.dll

Filesize
27KB

MD5
5efb2702c0b3d8eeac563372a33a6ed0

SHA1
c7f969ea2e53b1bd5dbeba7dd56bff0cc4c9ea99

SHA256
40545a369fa7b72d23a58050d32dc524b6905e9b0229719022dbda0d2fa8765b

SHA512
8119526f8573ea6e5bed16a57d56084260afee511c9aad3d542388a783548e5b32ed8fb568d5b97deed791162bcd5577fcc3c76abf4d147ea13bea5c2a6ea794

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassasio.dll

Filesize
18KB

MD5
ff3d92fe7a1bf86cba27bec4523c2665

SHA1
c2184ec182c4c9686c732d9b27928bddac493b90

SHA256
9754a64a411e6b1314ae0b364e5e21ccfe2c15df2ed2e2dce2dc06fa10aa41e8

SHA512
6e0f021eb7317e021dccb8325bc42f51a0bf2b482521c05a3ff3ca9857035191f8b4b19cbe0d7130d5736f41f8f2efb2568561e9063fa55aaab9f2575afe23db

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc.dll

Filesize
31KB

MD5
a6f27196423a3d1c0caa4a0caf98893a

SHA1
58b97697fa349b40071df4272b4efbd1dd295595

SHA256
d3b9e4646f7b1cb9123914313cec23ec804bd81c4ff8b09b43c2cde5ee3e4222

SHA512
0a84cf847b80b0c2e6df9274a4199db8559757781faec508cd8999bea2c8fb5cd9bed1698144b82b86b2c6938fa8006c482a09c1b46d6bb8d2a2648a2011dea0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_flac.dll

Filesize
76KB

MD5
5199d6173a6deb45c275ef32af377c3c

SHA1
e8989859b917cfa106b4519fefe4655c4325875b

SHA256
a36f06cbe60fc1a305bd16cd30b35b9c026fd514df89cd88c9c83d22aefbe8c3

SHA512
80b96196f1b3d6640035e8b8632a25ecdb3e4e823e1b64fc658b31aae6c6799aa1d9fd1acffbef6ff9082e0433ac9ab9426d5400d3644db9958940b8bb13f6d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_mp3.dll

Filesize
75KB

MD5
46ede9ea58c0ac20baf444750311e3f8

SHA1
246c36050419602960fca4ec6d2079ea0d91f46e

SHA256
7ea1636182d7520e5d005f3f8c6c1818148824cee4f092e2d2fe4f47c1793236

SHA512
d9154430c72cbf78f4f49ec1eee888c0004f30a58a70cee49f5108ded0994ba299ba6bf552a55ffeedb2ab53107172324156e12e2fbae42f8f14f87ec37cc4e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_ogg.dll

Filesize
164KB

MD5
89e794bbd022ae1cafbf1516541d6ba5

SHA1
a69f496680045e5f30b636e9f17429e0b3dd653e

SHA256
7d7eb0bc188fc3a8e7af7e5325d4f5e5eb918c4138aea3de60d6b1afac6863f9

SHA512
16455e29a1beece663878e84d91c8e75c34b483b6ff3b5853ced97670a75a9c29cc7a7aa78b0c158eb760cda5d3e44541aae2cc89b57d290e39b427d4c770000

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassenc_opus.dll

Filesize
141KB

MD5
b6022150de5aeab34849ade53a9ac397

SHA1
203d9458c92fc0628a84c483f17043ce468fa62f

SHA256
c53b12ebe8ea411d8215c1b81de09adc7f4cf1e84fd85a7afa13f1f4a41f8e9d

SHA512
2286399bd1f3576c6ce168e824f4d70c637485fae97d274597d045a894740519512f1865e20562656297072b5625bdd2a5ec4d4f5038176f764eb37e22451ade

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\bassmix.dll

Filesize
31KB

MD5
d31da7583083c1370f3c6b9c15f363cc

SHA1
1ebe7b1faf94c4fe135f34006e7e7cbbc0d8476c

SHA256
cff3edc109bc0d186ba8ddf60bc99e48ff3467771e741c7168adbdbe03379506

SHA512
a80364384eca446a378e3ae3420a0e3545e1d24426a9e43f3e27381cb09bb4cd1121b66c576e5a981b2e5d661f82590eb0c0fe8d8243ef872f84809ec906e266

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\basswasapi.dll

Filesize
21KB

MD5
cdfbe254cc64959fc0fc1200f41f34c0

SHA1
4e0919a8a5c4b23441e51965eaaa77f485584c01

SHA256
9513129c0bb417698a60c5e4dd232963605d1c84e01b9f883f63d03b453173a9

SHA512
63704a7a4d0cd8b53972e29fcbee71f2c3eb86a0411f90fc8375e67cb4b3bddb36c753f3f5b113c3ca333c381f86a19e2168218cc2074f05ad1143bc118cd610

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
5.7MB

MD5
37dd25d6bc0ef765d8c46fd70d134e37

SHA1
19510428f3d2398705687e0bd9a183ebebae4d6f

SHA256
9a75b0d07172f201d373d235025eb75e96627b75ff910a4c060b0c370536a560

SHA512
b925fd0791d0be28c9fb02e0c78ae4e8caa487e2a8d3ff9bd71e8e701406acf0652c195b985e9f209674dee83c94b447534f67c9b64f8569f517f0790e55c5b0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\dsw.exe

Filesize
4.0MB

MD5
873bc1e83540800f3cf5d1c9250dcef6

SHA1
37048176cb782bab1cfce935563db5600236d1ff

SHA256
fa9089d25c55a58850c66706f6f3b2a9771b3d31e7e86e62d9f0ade555f5b48e

SHA512
f04d39c33a75d6bf285416501833fb773547eeee1591c5cb30cc236d501add373fd0f3663c49e1d760847cb32392be3d2947cb7947ed65c67018c051735efe26

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\irender.dll

Filesize
448KB

MD5
ae941259a23f165e239d7bed5e778b41

SHA1
fde53927897538d4da7e7446d569cf23c5c96853

SHA256
7e6b6c223f724ae584128d8b855fdebff4f3f89ed8b2f4cbc7c0a29ecf308342

SHA512
7f657dc008fae9c210103aaf57b7c3086968cd5b46a388a93e86762bd78324c06c3433e61db1faffd7245cdb113d9e5503d527b1b79b1d529ca129bb8dd53523

Download Submit
C:\Users\Admin\AppData\Local\Programs\Clip Plus Community\tutorial.wav

Filesize
128KB

MD5
84365155ffc3e864eba46fb712640d96

SHA1
9aedf21abb08ce74ec7eb2df1e7312c4799939b0

SHA256
d34426341d0850f1ca0067e6785feaa1773fb07fe9fd9ef1f3d1236df07f79e5

SHA512
307b3d7be43644306f462e63b4eed9deaba514c1e3bbf8070752ad69021570f1a31bc719c1799b850d18080588cfe2b052a3389e7cdb5daeb15f818feea15681

Download Submit
C:\Windows\Installer\e57a25a.msi

Filesize
3.5MB

MD5
a7246054651489f6a3afab3c9132b0b5

SHA1
a2b72f6fa36f48b244c4b19db82093a91a5270c1

SHA256
a13acc876d02e0b4355218520b61233eb1fa495bbf8db98909ce812401396430

SHA512
40d8386c2092bf3b0a56a2194fbdb1444497f052929fcc7eaf369070894f136e33fdc2b29d727f47e1e42c9b872beca96ccb6d149124432e67711e32bb5db9c8

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
c19db318823a83a43409ac329483d4df

SHA1
4819a619b9e1da1991e9a4b1f05c6a173b618599

SHA256
8ca5dda8c099a9a20e51d6674e7ad886c717acf7acda2e0b983c139808d2664b

SHA512
3b80284995b4ade86a477dd22848e4ff4426b67e01f3fdef30c4af7f1ec4bc12e663f6d59edab6ee2ee36d08b93a35fd5bac3d805eacc20936c11bd33900084f

Download Submit
\??\Volume{5a066776-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{5d2604e8-ed3d-4bb0-8c12-ebd158c7807d}_OnDiskSnapshotProp

Filesize
6KB

MD5
4234aa19c17b39bd992e54803fbe722d

SHA1
f934992c8a4622aa86f29a03755bfa7b79c0cf57

SHA256
eb120cd59a58f2c09e90018415a8a59adce86de21ec016c3833d49dea29d3bc1

SHA512
169dd58151641acba7fad392d076511e2cd197af698f766ec75f084758316e42860cd09e2f9665f0947593a506576a7a7edf7234fdf7c793eea152a72a8342d4

Download Submit
memory/4804-98-0x0000000001490000-0x00000000014A7000-memory.dmp

Filesize
92KB

Download
memory/4804-88-0x0000000075730000-0x00000000757CE000-memory.dmp

Filesize
632KB

Download
memory/4804-101-0x0000000000C90000-0x0000000000C9D000-memory.dmp

Filesize
52KB

Download
memory/4804-96-0x0000000000C90000-0x0000000000C95000-memory.dmp

Filesize
20KB

Download
memory/4804-80-0x00000000758D0000-0x000000007591D000-memory.dmp

Filesize
308KB

Download
memory/4804-81-0x0000000000E30000-0x0000000000E4D000-memory.dmp

Filesize
116KB

Download
memory/4804-97-0x0000000075430000-0x0000000075466000-memory.dmp

Filesize
216KB

Download
memory/4804-110-0x0000000074EA0000-0x0000000074FC5000-memory.dmp

Filesize
1.1MB

Download
memory/4804-95-0x0000000075800000-0x000000007580E000-memory.dmp

Filesize
56KB

Download
memory/4804-93-0x0000000000C90000-0x0000000000C9E000-memory.dmp

Filesize
56KB

Download
memory/4804-113-0x0000000003800000-0x000000000388B000-memory.dmp

Filesize
556KB

Download
memory/4804-114-0x0000000001510000-0x0000000001511000-memory.dmp

Filesize
4KB

Download
memory/4804-91-0x0000000000E40000-0x0000000000E5E000-memory.dmp

Filesize
120KB

Download
memory/4804-77-0x00000000011A0000-0x0000000001483000-memory.dmp

Filesize
2.9MB

Download
memory/4804-90-0x0000000075810000-0x0000000075843000-memory.dmp

Filesize
204KB

Download
memory/4804-100-0x0000000075400000-0x0000000075424000-memory.dmp

Filesize
144KB

Download
memory/4804-86-0x0000000000C90000-0x0000000000C94000-memory.dmp

Filesize
16KB

Download
memory/4804-122-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download
memory/4804-123-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/4804-124-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/4804-85-0x00000000757D0000-0x00000000757F8000-memory.dmp

Filesize
160KB

Download
memory/4804-84-0x0000000075890000-0x000000007589E000-memory.dmp

Filesize
56KB

Download
memory/4804-127-0x0000000000400000-0x0000000000BAB000-memory.dmp

Filesize
7.7MB

Download
memory/4804-128-0x00000000011A0000-0x0000000001483000-memory.dmp

Filesize
2.9MB

Download
memory/4804-129-0x0000000073CB0000-0x00000000749D3000-memory.dmp

Filesize
13.1MB

Download
memory/4804-130-0x0000000000C90000-0x0000000000C94000-memory.dmp

Filesize
16KB

Download
memory/4804-131-0x0000000000E40000-0x0000000000E5E000-memory.dmp

Filesize
120KB

Download
memory/4804-132-0x0000000000C90000-0x0000000000C95000-memory.dmp

Filesize
20KB

Download
memory/4804-133-0x0000000001490000-0x00000000014A7000-memory.dmp

Filesize
92KB

Download
memory/4804-137-0x0000000001510000-0x0000000001511000-memory.dmp

Filesize
4KB

Download
memory/4804-141-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download