strela | hxxps://getintopc[.]com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/

Analysis

max time kernel
300s
max time network
299s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
17-07-2024 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/

Score

10^/10

strela discovery persistence privilege_escalation stealer

Malware Config

Signatures

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000200000002ad88-2381.dat	family_strela
behavioral1/memory/1788-2379-0x0000000004820000-0x0000000004DED000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 10 IoCs

pid	Process
2616	7z2407-x64.exe
5772	7z.exe
4780	7z.exe
4512	7zFM.exe
2984	Dada_Life_NO_INSTALL.exe
2808	Dada_Life_NO_INSTALL.exe
4944	Dada_Life_NO_INSTALL.exe
2820	7z.exe
5248	7zFM.exe
1788	setup.exe

Loads dropped DLL 17 IoCs

pid	Process
3288	Process not Found
4512	7zFM.exe
5248	7zFM.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe
1788	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msvcr71.dll	setup.exe
File created	C:\Windows\SysWOW64\mfc71.dll	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\8.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\GreenLight.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\11.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\2.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\15.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 64.dat	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottom.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\BigKnob.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\12.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\RedLight.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\10.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\14.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\16.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2407-x64.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OverlayKnob.bmp	setup.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2407-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7zFM.exe\shell\open\command	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 = 5000310000000000e95812891000372d5a6970003c0009000400efbee9581289f15869562e000000059d02000000050000000000000000000000000000001c03000137002d005a0069007000000014000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7zFM.exe	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7zFM.exe\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "2"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell\open\command	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\""	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe:Zone.Identifier	7zFM.exe
File opened for modification	C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 125429.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1776	msedge.exe
1776	msedge.exe
2404	msedge.exe
2404	msedge.exe
4540	identity_helper.exe
4540	identity_helper.exe
2484	msedge.exe
2484	msedge.exe
3720	msedge.exe
3720	msedge.exe
536	msedge.exe
536	msedge.exe
5720	msedge.exe
5720	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
4512	7zFM.exe
4512	7zFM.exe
2860	msedge.exe
2860	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

pid	Process
5864	OpenWith.exe
5404	OpenWith.exe
5532	OpenWith.exe
5036	OpenWith.exe
4696	OpenWith.exe
4512	7zFM.exe
5248	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeRestorePrivilege	5772	7z.exe
Token: 35	5772	7z.exe
Token: SeRestorePrivilege	4780	7z.exe
Token: 35	4780	7z.exe
Token: SeRestorePrivilege	4512	7zFM.exe
Token: 35	4512	7zFM.exe
Token: SeSecurityPrivilege	4512	7zFM.exe
Token: SeSecurityPrivilege	4512	7zFM.exe
Token: SeSecurityPrivilege	4512	7zFM.exe
Token: SeRestorePrivilege	2820	7z.exe
Token: 35	2820	7z.exe
Token: SeRestorePrivilege	5248	7zFM.exe
Token: 35	5248	7zFM.exe
Token: SeSecurityPrivilege	5248	7zFM.exe
Token: 33	1320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1320	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
4512	7zFM.exe
4512	7zFM.exe
2984	Dada_Life_NO_INSTALL.exe
4512	7zFM.exe
4512	7zFM.exe
2808	Dada_Life_NO_INSTALL.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2616	7z2407-x64.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5404	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe
5532	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1580	2404	msedge.exe	82
PID 2404 wrote to memory of 1580	2404	msedge.exe	82
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 32	2404	msedge.exe	83
PID 2404 wrote to memory of 1776	2404	msedge.exe	84
PID 2404 wrote to memory of 1776	2404	msedge.exe	84
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85
PID 2404 wrote to memory of 332	2404	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff962643cb8,0x7ff962643cc8,0x7ff962643cd8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Users\Admin\Downloads\7z2407-x64.exe
  "C:\Users\Admin\Downloads\7z2407-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5404

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5532
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5772

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4696
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4512
- - C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    PID:2984

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5952

C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe
"C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2808

C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe
"C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe"
1⤵
- Executes dropped EXE
PID:4944

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5248

C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe
"C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x000000000000047C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
8af282b10fd825dc83d827c1d8d23b53

SHA1
17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355

SHA256
1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca

SHA512
cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
0009bd5e13766d11a23289734b383cbe

SHA1
913784502be52ce33078d75b97a1c1396414cf44

SHA256
3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129

SHA512
d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
548KB

MD5
1d1b0349f970c8de7fae7a94520e21f7

SHA1
8787ce498c9f1628665dd17004676a9cc5e8f99a

SHA256
f63a2d492d7a20e7ae6ace725da0320b05a6250794c9b449e1bc48d3f63cef56

SHA512
2ff084ca8b7bd05e156fcce6faaffd861ee09e09821e8f3325093a0aec46d54481d18d61d84b35fc2c760d93aeda70648201c740fb429f6f75dbd6708774f0f2

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
79e8ca28aef2f3b1f1484430702b24e1

SHA1
76087153a547ce3f03f5b9de217c9b4b11d12f22

SHA256
5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

SHA512
b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
691KB

MD5
ef0279a7884b9dd13a8a2b6e6f105419

SHA1
755af3328261b37426bc495c6c64bba0c18870b2

SHA256
0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b

SHA512
9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
14KB

MD5
1ae18a5934322b0b23da7c5678e2dbec

SHA1
a1ae84c861f338e8f8c2a7c0102d8b0ef9aa6da1

SHA256
e5db8a72bd2901a877c67b3acba60f386b9d6e8d3e485372f7180fb76652b93a

SHA512
01e660e2dc2ec9d4d64c4f981804f252f77bee400eb21a43077681a2fc51bc564fd5749ea8f25a4b3da0500bbf33dd3cd27ebbe3cab96e333dbd6b57966fc151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
78KB

MD5
fe51ab178d3987f7ad219f0e83e87cc2

SHA1
4b24ff49fe603b5ec0251b935d2d52ebd7a15a49

SHA256
bf61b9845ca19fbd225f8dd2eb0381f7bab7f6dd8301dd9ec095b0ca07f98f0b

SHA512
26e247737998cb35c6e8a0a49f5ea468abfc22dcd239cc7855f29db65617853da4a48633f5ec392e1bc6dcb9f5988161f9c427ebb422303a224551672f78d074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
20KB

MD5
7f8965bc4a6541189bb000b832b3ba4b

SHA1
2cfc6a12844c3ec89d571ec5d87cdd5a0cdc26ad

SHA256
57e9504e17918efff5f382ae00f64cf1203fbc3190adc3774f43f49a883a16da

SHA512
7763d57e238ff0cf43550cada4c6d941a673e0e9ce8020e0b6b1a99af54217c7180c2354edf9138cd50461c07de5e0ad09527e3fc7ef87a73003ac3847dbf306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
19KB

MD5
679031f413c733231df260741497c811

SHA1
025a9d4ca574d19b9734ff440d8f5544c5eac885

SHA256
8c84007cef1821e55cc3bbc4e587a7e83eb93c3e0075cb83731907134df594b5

SHA512
f86a68dbc06ae9ee7150c004b3c5b2ab6d8bab5c53c5babbacd999ee3859d8270dc30fc60c8b1e63cebfb2692c6b775a3f03bcd7e4e9651006617ffaaeb75b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
3.9MB

MD5
4771f106da69f112d442612071f2fabe

SHA1
57dda5e76feb0eaf037abf089b03861449fd554d

SHA256
3cb27dfceb8b48a75b7cba0886ab9d7696057dd1186298114d7f5af9b497a0b5

SHA512
1793cd944ede4a74787f1b59173dbf46bdbf2ccac22feee6b7a18f3e6b2de26c47ad599c0896960d960e4d264c62ffa840ebbffd93c095dcfe5333b930b71c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
61fce4cc4c6eb6dda7950c7d7f3421c9

SHA1
5e07eb8fe9618fe0ed8eae2dd1a6203755fd328a

SHA256
2b0d933d4b2cc8d0d0ec3390beae79d34231fe4c04f74d09bd9bb645fafadc58

SHA512
92592a12a986c516d74b70495722fbfd3cf3aadb503bf3b06c9f68263546e0687f7229d4838d0b1bad133d2baa0d9c40a3a5b27dad9fc6cb9959ce1f6481ccd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4f62fed1920369b9c3d5b1f233abfc30

SHA1
cd34c377693f6a3d3d9b18e920c40c405efca9ee

SHA256
7a162411cc07e339efd95fbb1d37bd56a339c848f331ad72e44c2e5294059419

SHA512
ee15d6bf4f51f9c2c86f5fde4585a16b72fde3e7142c5cb3f9f33892c83e47147b7d8004ff4b3bcb1751c95336f11d3950ce236dfda34528d01331ebcd7787d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2f5f9a4741e697bd95d0cd464ea49c92

SHA1
0ebf6bbbc53512aadff7076120cbdc83a1fd91fd

SHA256
973e74b5bfc9bb33a38c6e6491fd1c06257e0aebcb2d97472120ec061fced50d

SHA512
36fb719682c4fb4acbcfa7164668547d70ce5b83441445d73cfa12433386aa6c0709445698e9635c293fcbd0018bee9e7653848ab9bb711be8a153e610601320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8dbaffdba6b41be78c2cc491e153d5a7

SHA1
bbe2d5333aa10410c336e1e5f6209747b01171ca

SHA256
e5694db16d7d9c0e8d3e95d4b61a0b580d3ee0e937b54f29fdb4bf0f2e88c1e8

SHA512
1e7c15e9d44d029e5529952981c52d67c19d37f297d0d2605266b3f21a44d73cf69119b3698790dc49afd79e9d3de7cd26e0aa5183c06bb185f33ae9f233aba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fd42b1548cd42fe62e16f886635fac45

SHA1
29286d6e2ccc871589de3f657212ab123c26f18e

SHA256
ad8df2f72ff6fc7be3a16f64cb20e8fbfe178cfb1d94c7d1ea93f8cd2acad558

SHA512
3d68c010f658623af565a029cb1f164f32cf0247ab881ce72d396876ab5d83ee0318fcffc74b09f03205d74ad4c298264a9cb4d80e3e552b8978556740123bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d474a2c0a1d4ebfc50ec33add4883e1

SHA1
448123522938f8cb9210627f052d5d7f6a0a08fe

SHA256
c79e3f2f71022378b0ce4253e07e41ae1f7f49b3f400d7d363aa432aae1cf009

SHA512
4a3df528142c77c509fb96dacb58f06f3897ec9bc12b59176e6264c6f92d5393bd86dbe43a9eeeedca07f757e8a517ccded9360e46ba4a71e91d1abe61ce9e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49bb32ab3ceff7123c587671555aadbf

SHA1
98dba09cb33cea47b0cbfcce17a9f7aaa479c370

SHA256
c4e7651e2e53e6b4864fb53ce91f0cd602f080b5895a27f0355514079ec11221

SHA512
c5070e2bbc5f284bb02764f6f2f7a5017f5dfa87e5f0e90036555ebe900b6eba502c25d4631d81ef5df6c711f05cc1ba4ea75dec73af1c2214c0eff699700bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
93aef3bfdcbb997c5bcc882de44b1ae7

SHA1
e2f55fdefcf00d5a87cb6e954e66935ce7035eb2

SHA256
b6c40831d0e006d815af63996f25ed78b20f309e7a4e4d8fcc4a9dadb810e973

SHA512
5efe92904192dccef35d5cff182ede0935f72bc8ac12e7653dddbe4e075284fd38482e40f39e93a2c8bfbdde0f8c582bc8032f75ce358452776b1bc778db750d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
98d6c2b4bc0bc3363e094c12b09b3e90

SHA1
0d3b274acc4788e6c624d8b12f4fc8b0fc1fa4f4

SHA256
9df0030ff08e7e7e0852acf5d4f95f29de34bcf120d340f26451ac4d246feb49

SHA512
34903e0a2e878b848ac4a0f831964e54a266413f757f1f7bc74c069e37e4a75ce59b4655920bc9a50126007f2eb4f8caa5609a1a5ac17d90f08dfe636ab46dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
474f6adf28f976e85a25ea18e5fad5e6

SHA1
e2e6c74ce23930ba60f3e51741f65f689d8da902

SHA256
c5346787ad289e0c36bf08cae74eea0c297a5d91327ad37c8b1ffacb3cfae2a4

SHA512
9151d269b5ce12e22751bfaf01d712babd9b77ef3664bbd39a82ff10d0ab05e79e01a5c8990e265faf5f1880c5bed51dbcf416a4699807203224ecedfa9071bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b6116dcf0da6aa663d2f1d4a6ad968e6

SHA1
e7dd8a9884acae8d574c19fe99ffef369e2618d0

SHA256
914e172d4f6cf9d74e0e1cbb06a646daa90827af44e56a6aafadab5a64833c4f

SHA512
c385f8b91f01c4c33857494c85430a7d1ce67ab08db84e236499f3cbbc0232b6b5568bfd9f840347eeb7d66de6476a51e9e1c4ecc45d956795e166a5f3e86645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c4bd0a0cd8b7d423c60ca730f66d8e3

SHA1
353ee1042e8ee0742315a7d96d990b7785db437e

SHA256
bff5f4ad0813b476e65db6678dbf5008e1b383c58619e852983947839e9dc1a9

SHA512
ea0756e78da8a85fe276959afe277e016595d9cbeed8152cedf096405e974d84381be73ce9ecf2f1761f5f3dd5c572b60fbdf68d0a2f02813426261275d33d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03e34024a397faaceee5b2fdbcd0d68b

SHA1
91bee1c5001d5b5a84069b7e98d03fee4d9f195c

SHA256
1b5461aff87f416b8dec026f7adc378048016d75260b8516bca70803406f5f6d

SHA512
c996f09f983fff864d2ed67e4945a7476f92d91cb5fd44e7796b94d1fe9cb086ed256ebe648160c4f469e256799ab370032adeba9954ad2d59d4f19491b54423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
034facf6a99a1ab07ba4fb5de19203e4

SHA1
4fecadd0c97297b00c3baa6586621b505067e97e

SHA256
2b570d86b1e7c66bbd349a4180c298a82f56bdcb78513cefaebe1e1565b5b346

SHA512
2e2d3900e090eb5fd735d9fcc8a9c1a36c120659ae5ba51c5f2c519c7542268d468a0bf2fdebd0711071ec26b8f55209a952070bf8a08673047b255413680781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d651b53e1cc398e97f52f39d6b4ae5e

SHA1
4689e15da1674794cb64ccdc31833a8d4140eaf6

SHA256
120a83b4fa07e44da0524988a96637274fd92ab1fc6fb982e45756889b970c23

SHA512
2f77e118c2bb733cf43d3f23cf5723b5e5981d90d5f1d4f586db8379ee193e320d79a07e476732c8e4d7c581257033a7fd9002f7168ae820d54f6758b1e0fb0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583c0a.TMP

Filesize
1KB

MD5
eb5a52aafb634f4681e78e36673c0b16

SHA1
eec0f670674f627e807b1705b076b867c2d3e693

SHA256
f5d6260c06aafd52b2d64d175ee35b47c850dbaa849b5339b6a3866cb57edb41

SHA512
259c57b576bc9324e4392803d654412557d089c2a2f32390ff7416c80653a36589f7556154239cc8c76f30194afeae1efaa9e66258f5679266cedb0bbda7492a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d7a0fa7d54c87bc042098b77360271f

SHA1
f4c5cf8cba3525d46634ed406f7cb3fe09cc6ad1

SHA256
785ac1cf1d23c639a4e00d4376eb25d0ca03308226f15c50643619e16f6e80c6

SHA512
13b5dcd3a91f7ed58097c0818a80732a2673511fe980588a88a18724d9dfab677cd279542d5ca3167d260c03167dadfd39966b850b31b60f341c497a44d350e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c389b6605b9df2f0ade131348c080df

SHA1
ff7c3382a46a1a64729227195b2b965c905f0bb9

SHA256
24c817a1d9eac6f181401d9ba5d065f4c9001eed5d410ea27d797c57bd0e76c6

SHA512
ad33044fb044357edc29324e5f945fa154d0a2d8d9ac34315e669dad0bd74e43e3cb3062834a5b3774c6bafba36d91fa956043047dd490e0f3d1dd970a41d1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39e12d108c74333a25b8699a7c57ebdd

SHA1
88ac6ddc224fd4d304c8178365a2ecaa9dd12620

SHA256
bd174c8ac2b759f12c1b26f4c0059b81b63dd6a71f8d4cd3386b40c2684893de

SHA512
11c2ded9077d653699efd45af5f58b29644b62595352f2f00e1e911ed4c8fca791e9b498c52deec4fe9f5c9ba788f324be802f963a60f0ff7afea7906dc14b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
261e24636a890517180d1053e23d4806

SHA1
d04eac1510e2786adcff2633bfb1785dd68978cb

SHA256
7115ee094269ad3d944c2858f23bbcdd27e635d70191adb034d4b77ab4f8693a

SHA512
631223ef27f950b6e4c56ae2cc009749f5cbdf41a10d6dcda54cc2a757ba237410fb7d03db9ba01ece5f588bc026969e00311eb97ee83a6d6421e16a0817ce79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
a0506c16fedbd8b4b92ed4c6cba66a48

SHA1
655362b156973667afcda2b8b2b6862abe4b7c8d

SHA256
7e30fa88e2f62d94bc3ee5504a500b0030ab5f52eac0756f2a13aafb3a5fc8cc

SHA512
659cb222e1d498d67853a2ea3aaab740894fef034005f42c4a02f586f96014d106289b646e2b6b95644d76a23dbf7850d1e46ba83ef3ba86e77390a79ecb1ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\10.bmp

Filesize
132KB

MD5
315fbe95e7b2a86b874b197fbdf15849

SHA1
1cfb80ce65a3ec7797a236bd21c5de45ff49ffaf

SHA256
ffa4a594d09f8faad81a30ba0999692530b1c248939328c57781ccae55129536

SHA512
d0ed7b6cac55509e08dcfb6ce4bfef8da2945cab9372e0e044297fd21f8d9a74fcb601bf8faf2e97d1350bbf9363d3d25421da34747a7a2dc7660c8b3be253b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\11.bmp

Filesize
132KB

MD5
8379b1c3d19f3648f9236187e16149e9

SHA1
d1d4ef0d7071ac00c8d3abae6b79d8ebf2798452

SHA256
fd3a02f023176a6ae82935f00f72fa13d42be28d58eec0422b9783184ea852f3

SHA512
1822e9eb3c1943d0a6e78a78d6920db26f92257a5a368e5524162c65c08eada27a4d7fdc1714279910665189398ebe510e1e4d982bedb4915d75ce9f825b215b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\14.bmp

Filesize
132KB

MD5
22fcb3ea5ee2414880ef094b6b965c94

SHA1
dbfb1cbb08981fdd3878faf4179f5fddf67a4a9d

SHA256
9058e0d9ea998c21309757586d30b0e5378c0c1904ebc2d95bf01223ddba269c

SHA512
f104e05e5fff7ea1b5e7e983ed8185ee5fcb3d5affe07f9d60663b61027c4de76743b4b67d21578de7f35eca75d953a8182c7d3330c2ec65966cca6a4363c294

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\2.bmp

Filesize
132KB

MD5
b983fb2e8d67378f2eead3af35a41276

SHA1
001d4dcdd316b285845f82743bc9353040365221

SHA256
5de6fac064d9897c7865b71528b0f4ee4375a9a1f94cfdd8ab355c17099ed75a

SHA512
c71980ee0466bf58518d914ac667516f484e991fcd03751536225ea76707e732f939e55c49137431f1d72417827339af6817ae2ef32098fe9af354c2619ecc3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\5.bmp

Filesize
132KB

MD5
d659f87c193a47bdc497410bed0e443e

SHA1
12629ad7b5dfb0cf9134d7ba83f8693c897a2c58

SHA256
94f649cbb0e250d378b1f432b04faca475965e7de8a02535fc2a1f56890660fc

SHA512
0bfba7ee57c0df82b52501750a7f79af77fb7dc231621452c838456bfb43f183806b52098122780f3f94c715e65fa9e08f59836895714b5b0395bd1633b2010a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\7.bmp

Filesize
132KB

MD5
39799c0964d71e02398c91c45a46f45c

SHA1
cecbae88c112059bb6503cfb0081f4e680798be3

SHA256
e2b22df0d33ba6fb7b3a3e766560c074b15a0357714430586034f3f26ff5deb4

SHA512
cdaa3bc6def877991b0c42466b8e0ae9674ac18c742610f0b4775e92fc2f5a142579f6e3c28acc04793981606d6f22a6bf57c720a575ee6e9be593f3a4c9113f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\SausageBottom.bmp

Filesize
86KB

MD5
34af6f4249eabf73d03f18404d4e279e

SHA1
e60617c8e9cbad6773d29e45b9dd361f1646a3d8

SHA256
223283d885aa71d8e1ff73f02c4df8d6d40c6b2c9b371c984a5ffedfc9244ced

SHA512
cdb44bf28b005c5b8220ab5bcedc8bc49b6962e96840048b700073eafba8faf0b9b637ce9bd8d3018ef01a053a696a43ba63dd616c554579348519da29ac061a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\1.bmp

Filesize
132KB

MD5
cd5ff562751a97fe101a67e771ba502d

SHA1
40ab4ef194902fed97926363fe6f82f3ddb905c0

SHA256
acbb674a36c859af77de0aa1d3d95c1cedf000e54febb31020e6f938194ffc6b

SHA512
4d8d1bce35189b6b20e478330e9d94c5b4863446366da8bfebd5e29303ea2560c1749c00ea181716ef9b873d19f7bb0b0b67217bf33fbcf14ef06034eb93da2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\13.bmp

Filesize
132KB

MD5
a0e8b1c81ddc511fcb5310c5deee8e9b

SHA1
88f9b448d7f5ca3a00b36b06e25fbbe94ca0a451

SHA256
f329a87886a84e7d36a03ab620221ce2e5909bf595210a0a70e62065b68bd458

SHA512
3e7b08f44e8534b2208c37e8f78fc91831ef7a7f9e634577b40be3ba970141437565182e2fb5f659fceedadbadf1bb562db351a95c4ce531913a72ea35cef272

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\16.bmp

Filesize
132KB

MD5
74963a0e21b0a442f0e327a9e83fcf02

SHA1
4aeba2036721e7d73a346c295eb436067c8d3976

SHA256
d2bf6a0edd77365e2593a2fa154a9a7e1c609111316e17538706d7d453cd5b43

SHA512
b5c0eadd8cebcfefa98b6080a51f1801233dd4f2e72b9df028fbcd571d046466ca9b7cf36172a524ff7c60820d40475a8e190d5bada901d3fd485e17c41daaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\4.bmp

Filesize
132KB

MD5
9ad72b8e9d020a07af384e0852b0ecd9

SHA1
8db3484a1d695a913b45e9970eaf9c945b8bf028

SHA256
3ffb2919fe2597e3ddc3e39922e44fb1a904af0dd715f30bea1de84136fdd4c6

SHA512
a08420200e5ebffe4f00868b8abc6172f17686719cb581afb12af6ce901cb074c1823f960bac66d50e2fa99fd228270774b5a41e1cbb14ce5fa63d996cfa37b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\AboutBox.bmp

Filesize
261KB

MD5
8d54f93d237afeac0f9a1f38419ec778

SHA1
d46781264b4d056fa2180ac4c8e514c192e6f813

SHA256
9f41ccadf3e51aeacb40aca9bf0a37a8f81cb5240e5d9d35bbfd85857125f0af

SHA512
a8c5fa1686bc508a417fda165c7dde3c09a9b1e12256be2b29d86f90373ac6221c3b05244687de0b6795555f508061db38f1bcfe7d96fca8b7c3dfd579b92f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Fonts.dat

Filesize
417KB

MD5
9214d2202b9f4d8374668200f6be09e4

SHA1
049c8125e7e89385d79e14e6ddb48d297f1ccefe

SHA256
2e07347d0d6ca356a51fdaab611673c3748aabc73599edafc255af33a6d95664

SHA512
b0de7e0b7e52ed9aa546de79066b314b00fed40bed911afbdf9f75a4df75fe3611285ba9f51219b7ad5469f71f4a09a87949da2b6281a439e36f9f6a0570c229

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\OverlayKnob.bmp

Filesize
100KB

MD5
abff5a6d250d20116dd3539922ad60c0

SHA1
7a9216973e5b7a8003ef4df16e7cf0e43f638a70

SHA256
6418a8be1d341df869be125fee4a4530dd8b2fed02133c318525ae903d231c75

SHA512
e53e3b1fabc1d2519780a3c4c089e8622853325785d7cb77fac4fef480abcef89870c757cccd50ce9089544f76d77888955dd0e507bf5bff948d3d239780a494

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Sausage Fattener 32.dat

Filesize
845KB

MD5
69d6f94235a27ef0e06544e9ce0d632e

SHA1
ea92ea58a7db386092a868eea87949fc5d8fa626

SHA256
662c308546fc42506073e1f12d38252f7cdaad888e13ee4cf109d062ac609955

SHA512
39432cea09d8a9921176f14aaae140ce6638c8321f5fe3808616152dc84473bcbfd0215150632d6cfc32f78c7419576a20d5e00f19507018f7de88761e577ea3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Sausage Fattener 64.dat

Filesize
745KB

MD5
54796ccdb2d6031b2e0d1259e534caac

SHA1
5c46b4ee988900a2da2a0a60314ac45ac265c9ef

SHA256
59b707eefe8286a9468d8ddb4cab4fc5ad4090ef21d68f4c57a3da2c9a5df58d

SHA512
d3fc2c18f431bb7a7aa08ebc70026409363700bc509c22e53d12e14e480fb9096cb0e583cead0e882ebeb21c1b29e7655d86bad65a041b27c377404fe41c186a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Wheel2.bmp

Filesize
53KB

MD5
53ce88ab4c2136c751b33526ed11e617

SHA1
aa101ca595414bd291ea1a4da2d295d654cc6445

SHA256
d14b8d4dae6875bfc11d2501c9bb972770d91164f7cf503b4477fa275b3d91b5

SHA512
a593b9df9e49de8bae1e2cef19ba7dd9ae75b56b818a1346557e5f82b85e09b913381be20fc94c2a6629222228bcad14072ea07325dee3ac260cd2af08cdfb64

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\GreenLight.bmp

Filesize
7KB

MD5
7cda43ea5240ce9f5d9cfe6ff0686cfc

SHA1
27557f50f8735529ceaae0e8593ff8d8044fec47

SHA256
915314cadd631ce017d74b3adb303c13ea1737e8f4c29b46c17a182c07b0f649

SHA512
55b4be9b37115421c44ca0f487a317fe768abe15c2b23f83ffd721ce4d16dc9faefe48c69b931beee7832ac7f748916bb754e92273b0519e2a31cbdadb9b5766

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\OrangeLight.bmp

Filesize
7KB

MD5
3a1ac28b7e94224210e5baef9e38f4b7

SHA1
3e95175636cd6e7a0ffbbf2e7f498060a1afc4b4

SHA256
4d753f887657fc23b3d8de7d8b6697e24411a3862a6679a1ab99d3a682617cf6

SHA512
0c36c7c74a7e7da08ad755d990d9da41eb0d365caa914a6d27812d1e666b1a0fbab26250e30fdfc2c4dd2b9fae2590a4df1580d8f7de639e11c00c62b36e0101

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\RedLight.bmp

Filesize
7KB

MD5
548c71ea92f3f6cee75b8842d2b0212d

SHA1
6a846cb34de06b5c061959cde194c6608a5ab3c4

SHA256
812f8b2158d578426794eab877eff5ec567fd2fb9ee9d4bfe9b2087e685dc5e4

SHA512
500dcf84e074a9685f8e78bb006e3fc2ec07cc219712bb6de9931863ac0baaa62b52d632922b9e6de7b483636f3dd97ed772377d663dc84b5b866206419cb5d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\SmallKnob.bmp

Filesize
2KB

MD5
62b24e641af1cebc13961addae46faf0

SHA1
a34293f03989f08cc3060baa59085299e5464c4c

SHA256
017fc7f898e5ce20e43f3bd08d0bd477a0833b71b7e37834abc0bdf230dbd793

SHA512
bed68a483c1be28b215e68e38361a830b7e84d51e1be9a36cef4d0a48a45e0e49f304e8014dbc81728edaf1106fa0b516d4c7ef834f863c6b982d8dcf72093c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe

Filesize
7.1MB

MD5
a5995b590f964714ef97074709162d8f

SHA1
c44e5b0d7a54ec2af1fd11db1a8ee1b7d0ae3a1a

SHA256
dcf85ee07299cad5e5a6d91d0eeb34b77d4025bf8cb9949dcfe9b5d4ea8c0d60

SHA512
445a18450a9e304f020c11c7e729003ad3804fee8ea241675d0c691a7caf0cbfc515c36126c59b8dcfadbf47e1c1f65cc610813b24c837790768f5c0d8802603

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe:Zone.Identifier

Filesize
191B

MD5
234af700a238e3426b5194149f670ce2

SHA1
7cbde025a4b284ca06e8e1b9de1bcad66bd3be81

SHA256
19cc36b2f36cdc3230c558189302b7b33213012aa4a5fcadc1842524475f28c4

SHA512
adf60b64b96746ed23f92c4e5cb57de069bc11ad9365b146f75cb6ade69b09b2975ff1e0b06d28108a43b0eb50639469f8a8ef89266c4840a35f083d468db53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\AdvSplash.dll

Filesize
6KB

MD5
13cc92f90a299f5b2b2f795d0d2e47dc

SHA1
aa69ead8520876d232c6ed96021a4825e79f542f

SHA256
eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

SHA512
ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\Bass.dll

Filesize
101KB

MD5
a8af308ff01b4477657955fbf0cc8408

SHA1
0794c059f0326e4a71be8a3ee4ac17a657d90d88

SHA256
14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

SHA512
9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\GetVersion.dll

Filesize
8KB

MD5
e013b625f5ae1e2f0b442cf39c0069df

SHA1
9ec785b63279144c091366badda65278c4cdee20

SHA256
16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15

SHA512
306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\NSIS_SkinCrafter_Plugin.dll

Filesize
5.8MB

MD5
028251654a4d65509aa8ccb5f2ee284a

SHA1
4a4ad468a86df6b903002be4f8919017fea0c152

SHA256
8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe

SHA512
f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\SkinCrafter.dll

Filesize
792KB

MD5
8fea8fd177034b52e6a5886fb5e780bd

SHA1
99f511388a2420d53b8406baed48ba550842eaad

SHA256
546dddc7a31609b5bc3dc8ecef6f6782b77613853c54171fc32314c08a69e8de

SHA512
5d82a3b9cf9d69049e6278a6d835b8a9a386c97ae9a69cf658675b0a8751a344d0da1ee704e9bb9023dab7cd77fdca684bdc90837960b583eef0bb4324498696

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\ioSpecial.ini

Filesize
746B

MD5
6c9e444a885968858f9cbdc817e6169d

SHA1
477b877ffb0a4a5837fe1f18987badc5999cc3fa

SHA256
c550e797f63a5be1aaeadb28df33aaed5b92326137f44aaa0cecff5e2791e5f8

SHA512
ace42d06143c812d96bd779bd99a48d5bbba31680c8c4db8c222e1b04fd1ddefd72a525841e8d515f8fee7526d1957325bee37a8c349d1c5d5c11f449f4be074

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\ioSpecial.ini

Filesize
572B

MD5
02543c76f96dc8d026525eef158bacf6

SHA1
2bc8a88369dcd70cfab075acfbe1b9ed2394c67e

SHA256
ec76c57dfad3375aa7c6439e4f62201df5504e8612d15398ab63fca58b48d46c

SHA512
06654ec05c9cfa3e62ab1ffa637d1fb64a6436bb6e2f56330140352e35c5cbec7eb4f6a7388ad2ddbb37ad18b5f5e69bf8ee7bff03f25ba1ca2fb988a1c10a62

Download Submit
C:\Users\Admin\Desktop\C\Program Files (x86)\VstPlugins\Dada Life\Dada Life Endless Smile.dll

Filesize
6.5MB

MD5
641a4d4185964b2a57aa9afd87ed009c

SHA1
d0e35144dc5f2de19c2f8b9c4140eed0b5e62564

SHA256
0fdba981c3a0a5b2f7cb30ec85666fee0c1be764e904e995958021f518dcd395

SHA512
4689e21a7bf8f22f533c65e81e0c4b2904cc01285b5303938cc71325f564d81b9422825703a82d56bce26a5d36f1f41171ec89d6dd5048d0114a366717956cbf

Download Submit
C:\Users\Admin\Desktop\C\Program Files (x86)\VstPlugins\Dada Life\Dada Life Sausage Fattener.dll

Filesize
95KB

MD5
52e95d9e2e0cfc550ce4e40f1d686480

SHA1
59984bb6becc0f6084851b623f0f2c4bbc901fe1

SHA256
42349ce1da21c41e2f72641a76d64fca1a7c7f6c405a50d331c581d2fbf10f76

SHA512
95b59db3be017ba7486dc774d80af1bc55e50dfcb86b918f266d4db77fc88061b84ba77fd1682a2af81e49608b23ffa4153763a264c85078b32d399b6ebffd03

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\12.bmp

Filesize
132KB

MD5
ba19c720c62fb04a6d0687763eb3f0f9

SHA1
80ca6d7bda2b287c87d36ad2535bf9ffb5bf00c2

SHA256
67c1e8f97cb11fe2d5d658e994682dcb9b81ec73ee221e2d704bff5da8f7a360

SHA512
298128377ca05e88fd5000725e4871ffb81f0b49de805552c7fc205b48a1739a64cfe246f360186259322ed162fb31320fe4f7f511b0f106677e0eb8c7ed84ce

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\15.bmp

Filesize
132KB

MD5
db6d2dbb0a0f2836f725f942453b29ec

SHA1
83448f73bb9104178ab354128e47a239b1abdeba

SHA256
46ed9e0e6d46d8840fc3771c5b8b5a9457d91e0a994e72a8289481dcf4a83c32

SHA512
5542a2a8dcaf436d2610cf685a2760bcc93d077086658cffe2361f3da0fae5f5f76a1761034cea5f8e9ac1151944bafa726761213acccf012bd01ba38f4d5ed4

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\Background.bmp

Filesize
1.1MB

MD5
b0df33ef469eb32ac0361082ca79e24b

SHA1
48ba103f7396206de392311d3bd85890eef6ca1e

SHA256
cbc2262ac4da76d3eedec54f95f18b0bc6f8e070b673f7e1e1d38f0c4e0e1c2a

SHA512
3c8652c20327c5d73cd85e52c5773bcdb301dfaf03729db18790569a69245fb455641c52c454a2b696e40aeaff9a3f4ecdd6a4fb7626a8ee354a7d94c0df8035

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\BigKnob.bmp

Filesize
100KB

MD5
038308b664c7c730f28f6db0a9f4e5f1

SHA1
9535db7fa280882e827c2edd0c557547921b3ab9

SHA256
d0b440b71f97e14f9cdaa534daa3b6695c4639730be01fbb7d8643c4fe5c3d52

SHA512
6a13bf662b3fe4e138da744644547e3c7184502d3b7b0c68aafef40673748252f4d371c207d6c9a752eda719abd9dd76b440806cdeff3a746cbb1c6c76ed7777

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\GreenLight.bmp

Filesize
6KB

MD5
ac16658dc8cd56e5fcc586bc5ea00a50

SHA1
08a6fa7376251cd6a4f0989090fa6d7c5e4f314d

SHA256
dae8344797318866589485444c0fdc69bd708c69b975c82ce0ce949a8cbf221d

SHA512
ee15b3f29a916d54d58caef920fdf5a70d029c9e578ea71e8850c2962e0c41049c492a9e7870e3a6c17b5757d9a1851b5d6ebd4c772bce2d70739614c8ec90bb

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\OrangeLight.bmp

Filesize
6KB

MD5
c599581a4a128aefe283fc78f0164fe9

SHA1
1dd263fcfad1d5b2054e9c670925ba88677a0822

SHA256
f961fce5458d40d996876c7c0802e0555f621d6a901cc1fb1560cf1ca362ad8e

SHA512
ddb5725bc3bfa52fe5c57525a949f8ef63b9fc437859e26b36a95b98b7e9ec61a05ddc8942b6a80052e33af42e19a71685a3e0da243b136d8bc5bbfde19ee3df

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\RedLight.bmp

Filesize
6KB

MD5
674ab57e3f97ca76ac9d3face6689e41

SHA1
350ebd0d9d23ac753198d833a24953c106d0c556

SHA256
8663024c93b4d2379401bb178db9be8c9beb427d3c231ac6876cd70731d0f45f

SHA512
bd466b46a5839c7957eba5d717163f20cb9f8ccd1a9f201b1c334a4df88cc00b0418de6168f31366655a1b2798cfd03435dae8a1d696852db336f9aea7401df3

Download Submit
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp

Filesize
1KB

MD5
74d08b6908b10f665a2782e099d8137e

SHA1
c10238fc58d698334917276d1e2380cb86e47ada

SHA256
3c12dbd602c83761453ad6e83273c75dcd16e72e254fcb0b5874c9112d7fcf44

SHA512
d0e7e5451bec6824d95545d6f4aa2a34894a3aca5cb28ec082b5f8f95e164e3f5b0dc6d1c503c91473cbb3f465f20fff228bd1a6b01991a2e823d9554499eba9

Download Submit
C:\Users\Admin\Desktop\C\Program Files\VstPlugins\Dada Life\Dada Life Endless Smile x64.dll

Filesize
6.8MB

MD5
b33aa9a696ed9b1e37fab83967572b6c

SHA1
4767bf3016670356d4ca8de1cc5b095e85b929e4

SHA256
46f11d1cbb5c9882d524958517435cc97573e629a63e8730e28a463475ac2303

SHA512
6e2beb1677dad9775632bd98b98142d93d48b3019a029f3d048853ad9270334ef12c202d5b37473ed38e4901de7c156dbaa7a09cbe1010491e4ced0ce4df0cf9

Download Submit
C:\Users\Admin\Desktop\C\Program Files\VstPlugins\Dada Life\Dada Life Sausage Fattener x64.dll

Filesize
92KB

MD5
8d7608fa89581b1fb6f35c48a6f110ec

SHA1
9741b557de8207c934b81e00983eeba1f71e1f7b

SHA256
7ef161e760e967040516a79d961bd137fb12a54753dad80d16caf26fc2421994

SHA512
e962f63c38bb37b65d0adbfd5020243f2bed6cffebb40c61c8ebaa43d8ae1e58e7f8d51a77c28c56046a4c7f03c65440e30f59ac6f8ae05141254228b2fc33e4

Download Submit
C:\Users\Admin\Desktop\Dada Life 25.01.2018 NO INSTALL.txt

Filesize
12KB

MD5
6b4794c97513a04810c6673e0c996a55

SHA1
43cb8593fdbb6b996cd515cfe9c6f01d7f6d272e

SHA256
13d4fa25c2f62b00e6f665bb091796ef63f7abada7d36481967258fa66bfa488

SHA512
12216e70f5882b1c2613da5ffeb0c4492e19c6f2353af64d4bbd2fba599f694ac1414eb4aefaf99cb9be5b621c4959a1adbeb7bba20d5902ce963d5003d85a6c

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Background.bmp

Filesize
867KB

MD5
e7b6575ad89c95bbccfa2515646aa1a2

SHA1
0fa978c98902e11db6b86edbb94f97f7405d9cf3

SHA256
18bc67c7cf4b3f05a2995c9ebb1a32118cfbc5d4f0392fcab8c18fd4710a9921

SHA512
6bbf97623d558a7f13b06689c64259b9ba5ccec564d7aeefda5a94d7abf5fa5c14412ad1fd7a345fd58757562448cd6180b7df45cfa3b78b57a6374fb910caeb

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\BigKnob.bmp

Filesize
100KB

MD5
2b91e7302cd2539a270a255e19dd3bf1

SHA1
82badb2112ffb7a31e968dacefa9a4aa0fd4cb30

SHA256
85e212bcfedf00fd8bf70f567cc0e1ab4f814c7a59387a2736eb4e5ee75ee566

SHA512
57492dd9ff09a5c91df16b7a02bfabdd8b9efe49502638123131926714b8d95e499445fe828a7f2cd155d3b2ea2f6ae937e33c5f89c53c5b0958dde7438a1f2f

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\DADA Life Sausage Fattener by COLOVE Products - YouTube.url

Filesize
69B

MD5
9ed41de8fa84d2245dc5e8b970fce6de

SHA1
6dc08c79fb332dc9f19dc75ca5cf2941935a89b7

SHA256
d203ed7f77ab1db4b7fa730afb0362599ffa4d4038e0aa0dc10c572e55488557

SHA512
ecfea6acfb782e56455c1f445a105336c35cd0fc6edf3990a868c80cb0f1f4b952ad985dbd3f268fdb8aee10d848c3600b3ee4ce327a4d228aa0f9ee969910b3

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Green\Resource\Background.bmp

Filesize
867KB

MD5
75a9e8c06efafd8d6907cafc88c48dda

SHA1
a8bd1513b7a99e5844edc6daea867a189a11798a

SHA256
1e610622a9744f712ff39b22396336c611996d91d575a0ce54346aa20bce3749

SHA512
825050147b5b02fbf1b15468e940d1ee1a73073beedc278beb226ebd2604caaecd0d9b5ae7943aadbe0561bb4912b13e75970c3f9de28a2786c54e2f96ee4fae

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Green\Resource\BigKnob.bmp

Filesize
100KB

MD5
07710f62c1fa7c03b2cd000c72923df4

SHA1
7c2b41083ade91810d31ee57c440c29c3a79a990

SHA256
7cc51068309a4a5fe1f4a74b2e33f55eb69da10d82db22cbf71a4209c4455b45

SHA512
8eb513786ea4b39416aef2e8361c1a6d9585a2db660bc295ec1c3e43c0c629cc2e67a414aeb87f7242601879502a662f7b7194def939a666c24f412fcb96ae73

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\Background.bmp

Filesize
867KB

MD5
dae5f315b978b285481349c44db463b0

SHA1
40d90408ea2c5029cd4e3f44c281c6074e2ae55d

SHA256
4e4828cb7cffc63ed21428d2432e71fc8f1e6a3ff0c810f4ea05622364f5254b

SHA512
e2954e5a88850de00f18543164fb60f62d355e058b25f60615034147afdfc8377241af60387e1997933eb774edc9e039b866cacf992e867f417a398a2974de9e

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\BigKnob.bmp

Filesize
100KB

MD5
2caa041fd0a1ca3c21534a79a4e5bd52

SHA1
244dd8e9931555f2a82a5708f9aef65db02935ec

SHA256
25cb3fbd8161a89be8fb13ae349b65af37e023677427eb3d8ec875b01c803199

SHA512
75b6b51d77149e4d9b62f249bf89d7fe1ad2f49474a0e2c5e5ccadc241483b1256dac67b38e6894602e506ddde52e4dc994342e105d15ff8a7876c58547f3a16

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Readme.txt

Filesize
1KB

MD5
2b383033604da81e95760864b1b92511

SHA1
99969232d7888cc710063946ae131da25faabd04

SHA256
9c5810ac4e6899a14f7d6a2d9a32c0103b805e03a91fe01445e206653af04829

SHA512
456563c40edbfa886202b945ff14bc60058c1dae46cdd78cdbdc3f0db0c52e143a2ebe67cc9a9d2b0a09a1803138e5e290afc68eaea92377f9408d0191b91a7b

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Red\Resource\Background.bmp

Filesize
867KB

MD5
6398f99153ec65a470597de9c268c8bf

SHA1
1bb20765a04bca6397598d7aeb5f8bcb28701c98

SHA256
051c14dd57e49ee6ccba401b7036ce7edcfd77a040d6b2dee5be43f2cac4db8d

SHA512
892ead21ecf5e125d33e86639d5eb406b95a36bef69e4285f8a85e317ff1527f117949de1fdb895cb4e486fadb84bcc3c6737aa1a627d692f1bae972212b3c34

Download Submit
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Red\Resource\BigKnob.bmp

Filesize
100KB

MD5
9330837d075d9b45adf005f3b5b33b9d

SHA1
01e71707f1606d41ddb65f30470c30bca190b614

SHA256
7a0b886fb1a04d3dd8091021c7063ec35802ced117c4541efde638a7f3af9741

SHA512
80c4dba10aa300b305e48f3af28dcae6f7a9a5addd79834b45e35e193fdda355ba862b5ca5b8f92b35d02b1ae3dc6e504eb8e9f7c79a4e8729cf0e2eb64d142a

Download Submit
C:\Users\Admin\Desktop\Existing Folders.cmd

Filesize
2KB

MD5
52eefe7f59738db7c62a56dceac7c4d2

SHA1
b2ba9316f1d966497272dfaca01e27b9fee25214

SHA256
109059a3ba3355c177731640590a81c9d48f2bc6ce74a4755133bb83aa8a0c3e

SHA512
33f114ae1db88445e8c0d476850a25b14acc8cc53bbaaa5db359d0dfb64227ab6e0ee8e2054985b4d58d1b4fa1ccc425d0c8bdc870cfc9303833869403141c89

Download Submit
C:\Users\Admin\Desktop\FoldersList.cmd

Filesize
215B

MD5
3a646465b4eeac10c0cf36df1d819ae6

SHA1
dd3fa0b24ff46ba5bc351f2279ae99e567e0dbc4

SHA256
bd5077b98613d4a39d0fa1e1a92721dc2bad0172c8f94d8dd7a728c595df3871

SHA512
0ae6dd80cf23ee32acb3025866b8595744cc452e46a84019cfdd57a7e47d09d8649d31c4d9beab64bdbc575629b0bfa8d5cde3b9ec817027d2fabd2679e87c2c

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\C\Windows\SysWOW64\mfc71.dll

Filesize
1.0MB

MD5
1fd3f9722119bdf7b8cff0ecd1e84ea6

SHA1
9a4faa258b375e173feaca91a8bd920baf1091eb

SHA256
385ea2a454172e3f9b1b18778d4d29318a12be9f0c0c0602db72e2cce136e823

SHA512
109d7a80a5b10548200d05ab3d7deb9dc2ae8e40d84b468184895eb462211078ecdcb11f01eb50c91c65a924f8e592cd63b78e402dcaea144ff89c11f2ab07d6

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\Dada.Life.Sausage.Fattener.VST.v1.0.x86.x64-ASSiGN.nfo

Filesize
25KB

MD5
2b8d943252458c992597a5460fb7cd63

SHA1
9cf49df0635c00ecfc737a345fcc69155e9f8da7

SHA256
2f0d628ab21df11ea1de138abd410cdbe429c187e6082be294a5f613b787c6d5

SHA512
7e328a86a5a4728ba8856180eca898f224a3cd57c50d1b535f30d9809c24918dcc1e18ab33af8c6c478634bcc389df842bbb475f97ca88fe36b701c6eaf1aa7a

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\FoldersTree.txt

Filesize
579B

MD5
9cd50ac8f65108ff24ad7089e0d6f923

SHA1
a8bfb37436f7d8e5f6787fdbfd1d6d8abc669583

SHA256
4e4113855edb9c1f72e9af2a5416f8c8bd4dc4e0accf785a81c417a56e025f1d

SHA512
21606fd70854179aa898f5978d04858208debfbee4ac22ded9186d3565295c71c10e5454e2c9549de206903e609c5d91022277ec773fc9f18d0b7114ef5ade16

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP CMD.doc

Filesize
119KB

MD5
6a1387bab6f3f41fdb08deda0591f59a

SHA1
3163890492a09bbfdf643ef01370ee0960c7ba09

SHA256
5feaff005786d69c9936bac7f96e5f29d5e002ede2dbca4a6fa90876fb1796f7

SHA512
2849a36853b4697fa689cf6f2c0c2dccc5dd6430903e92da4f7dd2976754bf5e8f6efd6930e24cc5695c7395a2f5898f66562ed058b163cf1a879f8bbe155f35

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\AudioZ.url

Filesize
63B

MD5
0035474bf4e43a5d7d6a62b0b35868f0

SHA1
3065448564cd23172b3df8516cad5d65a1940454

SHA256
5618b2de83b18a15ef8f7ed73bfaf3b1e97577d51fe7de7cf9eb79e4b7cc6f8e

SHA512
42545c0401eb5ec70594609cd7f65bb64f80d73aeccb733ea5776fc926f4284ffb9f7c474e6fa40f929ec0c28d169e51310d273443e94a55f036dcbda61fa238

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\KRock-Studio Audio-Museum.url

Filesize
61B

MD5
cdccbd64b4256f5abbb564266372fbbe

SHA1
9409868eae37f8c68915dd47344e764cb5994e9d

SHA256
ae3ff3a64d430197dc92cf5096a2a848382e4ba0bb831c2f346e88b273df3db6

SHA512
355b94595c1c7fc5f737323685ee8ae922b607e553a1280a0d6afc82660086d978de0b007e8ff2d4a720ceeeca00de15b012025cb1df679f0ab9472e7a79388c

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Microsoft Visual C++ 05-08-10-12-13-17 Redistributable.url

Filesize
68B

MD5
f40956fa2acdc7566305fc2bf21022e9

SHA1
c8667f8d947ae3d054eae374f6cbd222c79949fe

SHA256
3edf896d4acaf481ebc1b6859d8f7b1d2bd0fcd9f0e0ad4c16571dfc5acc9093

SHA512
a7e63edb1e5a5e2e5b397636af531e35894bdfc5addda1344a577b8109f3ac7ecf06079c9132ce74dd25424e08aa5da23d510247e614f3ee8a12798a3b85c8cc

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Offical Pro Audio Release Log.url

Filesize
64B

MD5
b2b4dd8d916147c0628ec848f48b9b92

SHA1
eaffce8b23eed8d787a11b5898471681e7f187cb

SHA256
9dbd7bd6488402cbd12220d9d50b11b98f4794b325be6e2466595afd9683f2ce

SHA512
e6d00c591d35b239c1682df02c8814b031e342e704d142e6cc365c9c9408cc46adc7d1990ff813779ba96749f49328ec253ce235effee1c6f602658ba7e1c052

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Symbolic Links - Link Shell Extension.url

Filesize
93B

MD5
8a15917f1cb3f0ee15e45a8f6c180b12

SHA1
a385ab049854a1c6b6aff27f3e7be8cc3733a919

SHA256
cd32f8f362ac11094c36aebe74971a1aecda615984cf9d2c81304b022bd611ab

SHA512
0596fcd717ca721e851f2d11cf3296710d41aa1b5e89c66c0ebe0246ee4cc15fefc1da41c8aa6018abc27a13f96ba0de2724cea82257b52ce9f0ec07311c5844

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Voidtools Everything Search Engine.url

Filesize
67B

MD5
031fd45987384decf5d60c23da203130

SHA1
8a8d316525b9dd830a396809102facc614142e61

SHA256
f237047ae589689beb35db0d8e43ec6a99e81a334299f9acb0871382f880af0b

SHA512
e5fa8c931f0b860240cbbb17d6f256612e37d7cb0ee36407fd38cc5974cfbeb1fba44317c494a046c1f7ab987f4f48a11b53ba4881828bb9896ba5607868c074

Download Submit
C:\Users\Admin\Desktop\INFO ONLY\How to replicate Endless Smile plugin by Dada Life in FL Studio - YouTube.url

Filesize
69B

MD5
8fec00f8d1917acd74a7a9cf7ce79c97

SHA1
85722530a45143b04bc4960bbc2f93d075ddbf0d

SHA256
3c84bd451d5e2498a254aec76ef0fcb8d8bfaa459bc7f9a5e7e08827510eb393

SHA512
a336abf2ae9a789c53a4e9cf41b61e0f8e98430e47fed7d51a3f9b0c4600be2c05a4cb117071fa152ff60ee4951c435a92d390663d44ccc40fd0229f9c297498

Download Submit
C:\Users\Admin\Desktop\Sausage Fattener.reg

Filesize
170B

MD5
b4163f36f5fa7e7291922f6074ac2a69

SHA1
2f8cf62076621d90cb93d36fda5c484622eb2ba8

SHA256
1d6882db1106cfcbe59c0d3016030cd565e627edc613ca56aab1c73bc7e15030

SHA512
f892f439393c168970d7806fece819d98cf7e015c152a3e66a219a1619689b44a89cba019e350507953305ba514be862bfbfa88f54e5a35915580497e6d9b797

Download Submit
C:\Users\Admin\Desktop\SymLink DeInstaller.cmd

Filesize
2KB

MD5
5c75e6340b4f0793b6af144f769568ae

SHA1
e41cca345d9b50de5e771d32bb1eace93ae859c4

SHA256
81e7e232ff56e81fafe45596799b204df9361c0db0f7b5a7eed13698804a1bdd

SHA512
22828737147dff00f90cc0a9efe79287eb6a27f187ac4dd7340cf02d266f746dd629e0fddcda47aac9e76cd9c7c4c6a69f449f1a2bbb2cd89cc6f9a88884533b

Download Submit
C:\Users\Admin\Desktop\SymLink Installer.cmd

Filesize
2KB

MD5
af20610489f1b039e41ba25869f35d67

SHA1
bc6cd9388f846c988f193c643f35e037e853c464

SHA256
26913a2e5972026dc9fa64e6d68eeb9019040515322c5e4093490db033492214

SHA512
ea13f1f69a5599725709646bbf196b745fc111dea31873ba9d96553d1427739c4f0c72ea067b57257dbf27c22f57d0c34b7b1f5000c4e4e08973f06e0d98f22f

Download Submit
C:\Users\Admin\Desktop\UnReg Sausage Fattener.reg

Filesize
105B

MD5
fa0da1f0dcc188a4eaa2fe1ea6472883

SHA1
de65763b8d5a3ab48fd9d01590f2abd5afb3cd23

SHA256
431be2ed567582604b74a097e78cffe4d9af01f97d21563c946081a060dbd226

SHA512
8f1d1187b75da2032cfb7d1b7d0d8cb711031e894907fa0670899e21224d06afd8aadab064418fce3aae49106dc5617bea3c8820b02ce6ded014cbceb1fa0cba

Download Submit
C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier

Filesize
621B

MD5
029330768a433c4996af04fe3e27604f

SHA1
19401828a1b580c5f20235ad48fc4cd5d41f9726

SHA256
73abd10179bfd69a42a315e1ba698b309f667e6b089a23e108c2c2e94e4325d4

SHA512
5bae77e27ee9d5599268b0c2416094d28f3bed027d1cd95483f9bfe180f9e76eda383add1e508aebf588d52288c06d4cdba64378a701da0b12fb15ae5125e560

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 125429.crdownload

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 496793.crdownload

Filesize
7.0MB

MD5
1e680f54e25df306174dd9357fd88890

SHA1
ee45327f5d7c79bd4c0e9a192b3749c99734011e

SHA256
4637889c0a990ed53b4725c209fdc91060ad649a679bb10f4cf1f4e67ecdaf04

SHA512
e5508cdfb1dc5d841146ebafe504617f35c287b12b03e317d5af978190cd62884716e5fcf74ebbe7e4ae8233be5c5b4d1a9131fcba5c8a4ce7ecc06bcad0a971

Download Submit
C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1788-2379-0x0000000004820000-0x0000000004DED000-memory.dmp

Filesize
5.8MB

Download
memory/1788-2474-0x0000000002FF0000-0x000000000303D000-memory.dmp

Filesize
308KB

Download
memory/1788-2387-0x0000000003F50000-0x000000000401C000-memory.dmp

Filesize
816KB

Download
memory/1788-2580-0x0000000002FF0000-0x000000000303D000-memory.dmp

Filesize
308KB

Download
memory/1788-2349-0x0000000002FF0000-0x000000000303D000-memory.dmp

Filesize
308KB

Download
memory/1788-2348-0x0000000002FF0000-0x000000000303D000-memory.dmp

Filesize
308KB

Download