Malware Analysis Report

2024-10-23 21:38

Sample ID 240717-mxf3kazgrg
Target https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/
Tags
strela discovery persistence privilege_escalation stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/ was found to be: Known bad.

Malicious Activity Summary

strela discovery persistence privilege_escalation stealer

Strela stealer

Detects Strela Stealer payload

Downloads MZ/PE file

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-17 10:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-17 10:50

Reported

2024-07-17 10:55

Platform

win11-20240709-en

Max time kernel

300s

Max time network

299s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/

Signatures

Detects Strela Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Strela stealer

stealer strela

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\msvcr71.dll C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Windows\SysWOW64\mfc71.dll C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\8.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\GreenLight.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\11.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\2.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\15.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 64.dat C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottom.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\BigKnob.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\12.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\RedLight.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\10.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\14.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\16.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OverlayKnob.bmp C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7zFM.exe\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 = 5000310000000000e95812891000372d5a6970003c0009000400efbee9581289f15869562e000000059d02000000050000000000000000000000000000001c03000137002d005a0069007000000014000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7zFM.exe C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7zFM.exe\shell\open C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "2" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\"" C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A
File opened for modification C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 125429.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7z.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2404 wrote to memory of 1580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2404 wrote to memory of 32 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2404 wrote to memory of 1776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2404 wrote to memory of 332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff962643cb8,0x7ff962643cc8,0x7ff962643cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6568 /prefetch:2

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe

"C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe"

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1

C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe

"C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe"

C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe

"C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar"

C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe

"C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x000000000000047C

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1fe10b6cb6b345a095320391bda78b22
SHA1 46c36ab1994b86094f34a0fbae3a3921d6690862
SHA256 85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239
SHA512 9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

\??\pipe\LOCAL\crashpad_2404_YJGJBLNTWPLTPGET

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 caaeb604a99d78c4a41140a3082ca660
SHA1 6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97
SHA256 75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6
SHA512 1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d474a2c0a1d4ebfc50ec33add4883e1
SHA1 448123522938f8cb9210627f052d5d7f6a0a08fe
SHA256 c79e3f2f71022378b0ce4253e07e41ae1f7f49b3f400d7d363aa432aae1cf009
SHA512 4a3df528142c77c509fb96dacb58f06f3897ec9bc12b59176e6264c6f92d5393bd86dbe43a9eeeedca07f757e8a517ccded9360e46ba4a71e91d1abe61ce9e50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d7a0fa7d54c87bc042098b77360271f
SHA1 f4c5cf8cba3525d46634ed406f7cb3fe09cc6ad1
SHA256 785ac1cf1d23c639a4e00d4376eb25d0ca03308226f15c50643619e16f6e80c6
SHA512 13b5dcd3a91f7ed58097c0818a80732a2673511fe980588a88a18724d9dfab677cd279542d5ca3167d260c03167dadfd39966b850b31b60f341c497a44d350e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 49bb32ab3ceff7123c587671555aadbf
SHA1 98dba09cb33cea47b0cbfcce17a9f7aaa479c370
SHA256 c4e7651e2e53e6b4864fb53ce91f0cd602f080b5895a27f0355514079ec11221
SHA512 c5070e2bbc5f284bb02764f6f2f7a5017f5dfa87e5f0e90036555ebe900b6eba502c25d4631d81ef5df6c711f05cc1ba4ea75dec73af1c2214c0eff699700bfe

C:\Users\Admin\Downloads\Unconfirmed 125429.crdownload

MD5 f1320bd826092e99fcec85cc96a29791
SHA1 c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256 ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512 c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7d651b53e1cc398e97f52f39d6b4ae5e
SHA1 4689e15da1674794cb64ccdc31833a8d4140eaf6
SHA256 120a83b4fa07e44da0524988a96637274fd92ab1fc6fb982e45756889b970c23
SHA512 2f77e118c2bb733cf43d3f23cf5723b5e5981d90d5f1d4f586db8379ee193e320d79a07e476732c8e4d7c581257033a7fd9002f7168ae820d54f6758b1e0fb0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583c0a.TMP

MD5 eb5a52aafb634f4681e78e36673c0b16
SHA1 eec0f670674f627e807b1705b076b867c2d3e693
SHA256 f5d6260c06aafd52b2d64d175ee35b47c850dbaa849b5339b6a3866cb57edb41
SHA512 259c57b576bc9324e4392803d654412557d089c2a2f32390ff7416c80653a36589f7556154239cc8c76f30194afeae1efaa9e66258f5679266cedb0bbda7492a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c4bd0a0cd8b7d423c60ca730f66d8e3
SHA1 353ee1042e8ee0742315a7d96d990b7785db437e
SHA256 bff5f4ad0813b476e65db6678dbf5008e1b383c58619e852983947839e9dc1a9
SHA512 ea0756e78da8a85fe276959afe277e016595d9cbeed8152cedf096405e974d84381be73ce9ecf2f1761f5f3dd5c572b60fbdf68d0a2f02813426261275d33d20

C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier

MD5 029330768a433c4996af04fe3e27604f
SHA1 19401828a1b580c5f20235ad48fc4cd5d41f9726
SHA256 73abd10179bfd69a42a315e1ba698b309f667e6b089a23e108c2c2e94e4325d4
SHA512 5bae77e27ee9d5599268b0c2416094d28f3bed027d1cd95483f9bfe180f9e76eda383add1e508aebf588d52288c06d4cdba64378a701da0b12fb15ae5125e560

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4f62fed1920369b9c3d5b1f233abfc30
SHA1 cd34c377693f6a3d3d9b18e920c40c405efca9ee
SHA256 7a162411cc07e339efd95fbb1d37bd56a339c848f331ad72e44c2e5294059419
SHA512 ee15d6bf4f51f9c2c86f5fde4585a16b72fde3e7142c5cb3f9f33892c83e47147b7d8004ff4b3bcb1751c95336f11d3950ce236dfda34528d01331ebcd7787d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 7f8965bc4a6541189bb000b832b3ba4b
SHA1 2cfc6a12844c3ec89d571ec5d87cdd5a0cdc26ad
SHA256 57e9504e17918efff5f382ae00f64cf1203fbc3190adc3774f43f49a883a16da
SHA512 7763d57e238ff0cf43550cada4c6d941a673e0e9ce8020e0b6b1a99af54217c7180c2354edf9138cd50461c07de5e0ad09527e3fc7ef87a73003ac3847dbf306

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 03e34024a397faaceee5b2fdbcd0d68b
SHA1 91bee1c5001d5b5a84069b7e98d03fee4d9f195c
SHA256 1b5461aff87f416b8dec026f7adc378048016d75260b8516bca70803406f5f6d
SHA512 c996f09f983fff864d2ed67e4945a7476f92d91cb5fd44e7796b94d1fe9cb086ed256ebe648160c4f469e256799ab370032adeba9954ad2d59d4f19491b54423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6116dcf0da6aa663d2f1d4a6ad968e6
SHA1 e7dd8a9884acae8d574c19fe99ffef369e2618d0
SHA256 914e172d4f6cf9d74e0e1cbb06a646daa90827af44e56a6aafadab5a64833c4f
SHA512 c385f8b91f01c4c33857494c85430a7d1ce67ab08db84e236499f3cbbc0232b6b5568bfd9f840347eeb7d66de6476a51e9e1c4ecc45d956795e166a5f3e86645

C:\Users\Admin\Downloads\Unconfirmed 496793.crdownload

MD5 1e680f54e25df306174dd9357fd88890
SHA1 ee45327f5d7c79bd4c0e9a192b3749c99734011e
SHA256 4637889c0a990ed53b4725c209fdc91060ad649a679bb10f4cf1f4e67ecdaf04
SHA512 e5508cdfb1dc5d841146ebafe504617f35c287b12b03e317d5af978190cd62884716e5fcf74ebbe7e4ae8233be5c5b4d1a9131fcba5c8a4ce7ecc06bcad0a971

C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 61fce4cc4c6eb6dda7950c7d7f3421c9
SHA1 5e07eb8fe9618fe0ed8eae2dd1a6203755fd328a
SHA256 2b0d933d4b2cc8d0d0ec3390beae79d34231fe4c04f74d09bd9bb645fafadc58
SHA512 92592a12a986c516d74b70495722fbfd3cf3aadb503bf3b06c9f68263546e0687f7229d4838d0b1bad133d2baa0d9c40a3a5b27dad9fc6cb9959ce1f6481ccd6

C:\Program Files\7-Zip\7-zip.dll

MD5 8af282b10fd825dc83d827c1d8d23b53
SHA1 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
SHA256 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
SHA512 cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 261e24636a890517180d1053e23d4806
SHA1 d04eac1510e2786adcff2633bfb1785dd68978cb
SHA256 7115ee094269ad3d944c2858f23bbcdd27e635d70191adb034d4b77ab4f8693a
SHA512 631223ef27f950b6e4c56ae2cc009749f5cbdf41a10d6dcda54cc2a757ba237410fb7d03db9ba01ece5f588bc026969e00311eb97ee83a6d6421e16a0817ce79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8dbaffdba6b41be78c2cc491e153d5a7
SHA1 bbe2d5333aa10410c336e1e5f6209747b01171ca
SHA256 e5694db16d7d9c0e8d3e95d4b61a0b580d3ee0e937b54f29fdb4bf0f2e88c1e8
SHA512 1e7c15e9d44d029e5529952981c52d67c19d37f297d0d2605266b3f21a44d73cf69119b3698790dc49afd79e9d3de7cd26e0aa5183c06bb185f33ae9f233aba5

C:\Program Files\7-Zip\7zG.exe

MD5 ef0279a7884b9dd13a8a2b6e6f105419
SHA1 755af3328261b37426bc495c6c64bba0c18870b2
SHA256 0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b
SHA512 9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e

C:\Program Files\7-Zip\7zFM.exe

MD5 79e8ca28aef2f3b1f1484430702b24e1
SHA1 76087153a547ce3f03f5b9de217c9b4b11d12f22
SHA256 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7
SHA512 b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

C:\Program Files\7-Zip\Uninstall.exe

MD5 1ae18a5934322b0b23da7c5678e2dbec
SHA1 a1ae84c861f338e8f8c2a7c0102d8b0ef9aa6da1
SHA256 e5db8a72bd2901a877c67b3acba60f386b9d6e8d3e485372f7180fb76652b93a
SHA512 01e660e2dc2ec9d4d64c4f981804f252f77bee400eb21a43077681a2fc51bc564fd5749ea8f25a4b3da0500bbf33dd3cd27ebbe3cab96e333dbd6b57966fc151

C:\Program Files\7-Zip\7z.exe

MD5 1d1b0349f970c8de7fae7a94520e21f7
SHA1 8787ce498c9f1628665dd17004676a9cc5e8f99a
SHA256 f63a2d492d7a20e7ae6ace725da0320b05a6250794c9b449e1bc48d3f63cef56
SHA512 2ff084ca8b7bd05e156fcce6faaffd861ee09e09821e8f3325093a0aec46d54481d18d61d84b35fc2c760d93aeda70648201c740fb429f6f75dbd6708774f0f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 a0506c16fedbd8b4b92ed4c6cba66a48
SHA1 655362b156973667afcda2b8b2b6862abe4b7c8d
SHA256 7e30fa88e2f62d94bc3ee5504a500b0030ab5f52eac0756f2a13aafb3a5fc8cc
SHA512 659cb222e1d498d67853a2ea3aaab740894fef034005f42c4a02f586f96014d106289b646e2b6b95644d76a23dbf7850d1e46ba83ef3ba86e77390a79ecb1ac9

C:\Program Files\7-Zip\7z.dll

MD5 0009bd5e13766d11a23289734b383cbe
SHA1 913784502be52ce33078d75b97a1c1396414cf44
SHA256 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129
SHA512 d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fd42b1548cd42fe62e16f886635fac45
SHA1 29286d6e2ccc871589de3f657212ab123c26f18e
SHA256 ad8df2f72ff6fc7be3a16f64cb20e8fbfe178cfb1d94c7d1ea93f8cd2acad558
SHA512 3d68c010f658623af565a029cb1f164f32cf0247ab881ce72d396876ab5d83ee0318fcffc74b09f03205d74ad4c298264a9cb4d80e3e552b8978556740123bc7

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe

MD5 a5995b590f964714ef97074709162d8f
SHA1 c44e5b0d7a54ec2af1fd11db1a8ee1b7d0ae3a1a
SHA256 dcf85ee07299cad5e5a6d91d0eeb34b77d4025bf8cb9949dcfe9b5d4ea8c0d60
SHA512 445a18450a9e304f020c11c7e729003ad3804fee8ea241675d0c691a7caf0cbfc515c36126c59b8dcfadbf47e1c1f65cc610813b24c837790768f5c0d8802603

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe:Zone.Identifier

MD5 234af700a238e3426b5194149f670ce2
SHA1 7cbde025a4b284ca06e8e1b9de1bcad66bd3be81
SHA256 19cc36b2f36cdc3230c558189302b7b33213012aa4a5fcadc1842524475f28c4
SHA512 adf60b64b96746ed23f92c4e5cb57de069bc11ad9365b146f75cb6ade69b09b2975ff1e0b06d28108a43b0eb50639469f8a8ef89266c4840a35f083d468db53d

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\2.bmp

MD5 b983fb2e8d67378f2eead3af35a41276
SHA1 001d4dcdd316b285845f82743bc9353040365221
SHA256 5de6fac064d9897c7865b71528b0f4ee4375a9a1f94cfdd8ab355c17099ed75a
SHA512 c71980ee0466bf58518d914ac667516f484e991fcd03751536225ea76707e732f939e55c49137431f1d72417827339af6817ae2ef32098fe9af354c2619ecc3b

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\7.bmp

MD5 39799c0964d71e02398c91c45a46f45c
SHA1 cecbae88c112059bb6503cfb0081f4e680798be3
SHA256 e2b22df0d33ba6fb7b3a3e766560c074b15a0357714430586034f3f26ff5deb4
SHA512 cdaa3bc6def877991b0c42466b8e0ae9674ac18c742610f0b4775e92fc2f5a142579f6e3c28acc04793981606d6f22a6bf57c720a575ee6e9be593f3a4c9113f

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\1.bmp

MD5 cd5ff562751a97fe101a67e771ba502d
SHA1 40ab4ef194902fed97926363fe6f82f3ddb905c0
SHA256 acbb674a36c859af77de0aa1d3d95c1cedf000e54febb31020e6f938194ffc6b
SHA512 4d8d1bce35189b6b20e478330e9d94c5b4863446366da8bfebd5e29303ea2560c1749c00ea181716ef9b873d19f7bb0b0b67217bf33fbcf14ef06034eb93da2f

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\4.bmp

MD5 9ad72b8e9d020a07af384e0852b0ecd9
SHA1 8db3484a1d695a913b45e9970eaf9c945b8bf028
SHA256 3ffb2919fe2597e3ddc3e39922e44fb1a904af0dd715f30bea1de84136fdd4c6
SHA512 a08420200e5ebffe4f00868b8abc6172f17686719cb581afb12af6ce901cb074c1823f960bac66d50e2fa99fd228270774b5a41e1cbb14ce5fa63d996cfa37b2

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\AboutBox.bmp

MD5 8d54f93d237afeac0f9a1f38419ec778
SHA1 d46781264b4d056fa2180ac4c8e514c192e6f813
SHA256 9f41ccadf3e51aeacb40aca9bf0a37a8f81cb5240e5d9d35bbfd85857125f0af
SHA512 a8c5fa1686bc508a417fda165c7dde3c09a9b1e12256be2b29d86f90373ac6221c3b05244687de0b6795555f508061db38f1bcfe7d96fca8b7c3dfd579b92f2d

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Sausage Fattener 64.dat

MD5 54796ccdb2d6031b2e0d1259e534caac
SHA1 5c46b4ee988900a2da2a0a60314ac45ac265c9ef
SHA256 59b707eefe8286a9468d8ddb4cab4fc5ad4090ef21d68f4c57a3da2c9a5df58d
SHA512 d3fc2c18f431bb7a7aa08ebc70026409363700bc509c22e53d12e14e480fb9096cb0e583cead0e882ebeb21c1b29e7655d86bad65a041b27c377404fe41c186a

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Wheel2.bmp

MD5 53ce88ab4c2136c751b33526ed11e617
SHA1 aa101ca595414bd291ea1a4da2d295d654cc6445
SHA256 d14b8d4dae6875bfc11d2501c9bb972770d91164f7cf503b4477fa275b3d91b5
SHA512 a593b9df9e49de8bae1e2cef19ba7dd9ae75b56b818a1346557e5f82b85e09b913381be20fc94c2a6629222228bcad14072ea07325dee3ac260cd2af08cdfb64

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Sausage Fattener 32.dat

MD5 69d6f94235a27ef0e06544e9ce0d632e
SHA1 ea92ea58a7db386092a868eea87949fc5d8fa626
SHA256 662c308546fc42506073e1f12d38252f7cdaad888e13ee4cf109d062ac609955
SHA512 39432cea09d8a9921176f14aaae140ce6638c8321f5fe3808616152dc84473bcbfd0215150632d6cfc32f78c7419576a20d5e00f19507018f7de88761e577ea3

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\OverlayKnob.bmp

MD5 abff5a6d250d20116dd3539922ad60c0
SHA1 7a9216973e5b7a8003ef4df16e7cf0e43f638a70
SHA256 6418a8be1d341df869be125fee4a4530dd8b2fed02133c318525ae903d231c75
SHA512 e53e3b1fabc1d2519780a3c4c089e8622853325785d7cb77fac4fef480abcef89870c757cccd50ce9089544f76d77888955dd0e507bf5bff948d3d239780a494

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Fonts.dat

MD5 9214d2202b9f4d8374668200f6be09e4
SHA1 049c8125e7e89385d79e14e6ddb48d297f1ccefe
SHA256 2e07347d0d6ca356a51fdaab611673c3748aabc73599edafc255af33a6d95664
SHA512 b0de7e0b7e52ed9aa546de79066b314b00fed40bed911afbdf9f75a4df75fe3611285ba9f51219b7ad5469f71f4a09a87949da2b6281a439e36f9f6a0570c229

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\16.bmp

MD5 74963a0e21b0a442f0e327a9e83fcf02
SHA1 4aeba2036721e7d73a346c295eb436067c8d3976
SHA256 d2bf6a0edd77365e2593a2fa154a9a7e1c609111316e17538706d7d453cd5b43
SHA512 b5c0eadd8cebcfefa98b6080a51f1801233dd4f2e72b9df028fbcd571d046466ca9b7cf36172a524ff7c60820d40475a8e190d5bada901d3fd485e17c41daaea

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\13.bmp

MD5 a0e8b1c81ddc511fcb5310c5deee8e9b
SHA1 88f9b448d7f5ca3a00b36b06e25fbbe94ca0a451
SHA256 f329a87886a84e7d36a03ab620221ce2e5909bf595210a0a70e62065b68bd458
SHA512 3e7b08f44e8534b2208c37e8f78fc91831ef7a7f9e634577b40be3ba970141437565182e2fb5f659fceedadbadf1bb562db351a95c4ce531913a72ea35cef272

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\SausageBottom.bmp

MD5 34af6f4249eabf73d03f18404d4e279e
SHA1 e60617c8e9cbad6773d29e45b9dd361f1646a3d8
SHA256 223283d885aa71d8e1ff73f02c4df8d6d40c6b2c9b371c984a5ffedfc9244ced
SHA512 cdb44bf28b005c5b8220ab5bcedc8bc49b6962e96840048b700073eafba8faf0b9b637ce9bd8d3018ef01a053a696a43ba63dd616c554579348519da29ac061a

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\5.bmp

MD5 d659f87c193a47bdc497410bed0e443e
SHA1 12629ad7b5dfb0cf9134d7ba83f8693c897a2c58
SHA256 94f649cbb0e250d378b1f432b04faca475965e7de8a02535fc2a1f56890660fc
SHA512 0bfba7ee57c0df82b52501750a7f79af77fb7dc231621452c838456bfb43f183806b52098122780f3f94c715e65fa9e08f59836895714b5b0395bd1633b2010a

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\14.bmp

MD5 22fcb3ea5ee2414880ef094b6b965c94
SHA1 dbfb1cbb08981fdd3878faf4179f5fddf67a4a9d
SHA256 9058e0d9ea998c21309757586d30b0e5378c0c1904ebc2d95bf01223ddba269c
SHA512 f104e05e5fff7ea1b5e7e983ed8185ee5fcb3d5affe07f9d60663b61027c4de76743b4b67d21578de7f35eca75d953a8182c7d3330c2ec65966cca6a4363c294

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\11.bmp

MD5 8379b1c3d19f3648f9236187e16149e9
SHA1 d1d4ef0d7071ac00c8d3abae6b79d8ebf2798452
SHA256 fd3a02f023176a6ae82935f00f72fa13d42be28d58eec0422b9783184ea852f3
SHA512 1822e9eb3c1943d0a6e78a78d6920db26f92257a5a368e5524162c65c08eada27a4d7fdc1714279910665189398ebe510e1e4d982bedb4915d75ce9f825b215b

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\10.bmp

MD5 315fbe95e7b2a86b874b197fbdf15849
SHA1 1cfb80ce65a3ec7797a236bd21c5de45ff49ffaf
SHA256 ffa4a594d09f8faad81a30ba0999692530b1c248939328c57781ccae55129536
SHA512 d0ed7b6cac55509e08dcfb6ce4bfef8da2945cab9372e0e044297fd21f8d9a74fcb601bf8faf2e97d1350bbf9363d3d25421da34747a7a2dc7660c8b3be253b7

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\SmallKnob.bmp

MD5 62b24e641af1cebc13961addae46faf0
SHA1 a34293f03989f08cc3060baa59085299e5464c4c
SHA256 017fc7f898e5ce20e43f3bd08d0bd477a0833b71b7e37834abc0bdf230dbd793
SHA512 bed68a483c1be28b215e68e38361a830b7e84d51e1be9a36cef4d0a48a45e0e49f304e8014dbc81728edaf1106fa0b516d4c7ef834f863c6b982d8dcf72093c4

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\RedLight.bmp

MD5 548c71ea92f3f6cee75b8842d2b0212d
SHA1 6a846cb34de06b5c061959cde194c6608a5ab3c4
SHA256 812f8b2158d578426794eab877eff5ec567fd2fb9ee9d4bfe9b2087e685dc5e4
SHA512 500dcf84e074a9685f8e78bb006e3fc2ec07cc219712bb6de9931863ac0baaa62b52d632922b9e6de7b483636f3dd97ed772377d663dc84b5b866206419cb5d4

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\OrangeLight.bmp

MD5 3a1ac28b7e94224210e5baef9e38f4b7
SHA1 3e95175636cd6e7a0ffbbf2e7f498060a1afc4b4
SHA256 4d753f887657fc23b3d8de7d8b6697e24411a3862a6679a1ab99d3a682617cf6
SHA512 0c36c7c74a7e7da08ad755d990d9da41eb0d365caa914a6d27812d1e666b1a0fbab26250e30fdfc2c4dd2b9fae2590a4df1580d8f7de639e11c00c62b36e0101

C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\GreenLight.bmp

MD5 7cda43ea5240ce9f5d9cfe6ff0686cfc
SHA1 27557f50f8735529ceaae0e8593ff8d8044fec47
SHA256 915314cadd631ce017d74b3adb303c13ea1737e8f4c29b46c17a182c07b0f649
SHA512 55b4be9b37115421c44ca0f487a317fe768abe15c2b23f83ffd721ce4d16dc9faefe48c69b931beee7832ac7f748916bb754e92273b0519e2a31cbdadb9b5766

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39e12d108c74333a25b8699a7c57ebdd
SHA1 88ac6ddc224fd4d304c8178365a2ecaa9dd12620
SHA256 bd174c8ac2b759f12c1b26f4c0059b81b63dd6a71f8d4cd3386b40c2684893de
SHA512 11c2ded9077d653699efd45af5f58b29644b62595352f2f00e1e911ed4c8fca791e9b498c52deec4fe9f5c9ba788f324be802f963a60f0ff7afea7906dc14b8e

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\BigKnob.bmp

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\OrangeLight.bmp

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\GreenLight.bmp

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\Background.bmp

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\RedLight.bmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\15.bmp

C:\Users\Admin\Desktop\Dada Life 25.01.2018 NO INSTALL.txt

C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\12.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\DADA Life Sausage Fattener by COLOVE Products - YouTube.url

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\BigKnob.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Green\Resource\BigKnob.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Green\Resource\Background.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Background.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Readme.txt

C:\Users\Admin\Desktop\UnReg Sausage Fattener.reg

C:\Users\Admin\Desktop\SymLink Installer.cmd

C:\Users\Admin\Desktop\SymLink DeInstaller.cmd

C:\Users\Admin\Desktop\Sausage Fattener.reg

C:\Users\Admin\Desktop\INFO ONLY\How to replicate Endless Smile plugin by Dada Life in FL Studio - YouTube.url

C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Voidtools Everything Search Engine.url

C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Symbolic Links - Link Shell Extension.url

C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Offical Pro Audio Release Log.url

C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Microsoft Visual C++ 05-08-10-12-13-17 Redistributable.url

C:\Users\Admin\Desktop\INFO ONLY\HELP URL\KRock-Studio Audio-Museum.url

C:\Users\Admin\Desktop\INFO ONLY\HELP URL\AudioZ.url

C:\Users\Admin\Desktop\INFO ONLY\HELP CMD.doc

C:\Users\Admin\Desktop\INFO ONLY\FoldersTree.txt

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Red\Resource\Background.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\BigKnob.bmp

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\Background.bmp

C:\Users\Admin\Desktop\INFO ONLY\Dada.Life.Sausage.Fattener.VST.v1.0.x86.x64-ASSiGN.nfo

C:\Users\Admin\Desktop\FoldersList.cmd

C:\Users\Admin\Desktop\Existing Folders.cmd

C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Red\Resource\BigKnob.bmp

C:\Users\Admin\Desktop\C\Program Files (x86)\VstPlugins\Dada Life\Dada Life Endless Smile.dll

C:\Users\Admin\Desktop\C\Program Files (x86)\VstPlugins\Dada Life\Dada Life Sausage Fattener.dll

C:\Users\Admin\Desktop\C\Program Files\VstPlugins\Dada Life\Dada Life Sausage Fattener x64.dll

C:\Users\Admin\Desktop\C\Program Files\VstPlugins\Dada Life\Dada Life Endless Smile x64.dll

C:\Users\Admin\Desktop\INFO ONLY\C\Windows\SysWOW64\mfc71.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\Bass.dll

memory/1788-2348-0x0000000002FF0000-0x000000000303D000-memory.dmp

memory/1788-2349-0x0000000002FF0000-0x000000000303D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\AdvSplash.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\NSIS_SkinCrafter_Plugin.dll

memory/1788-2387-0x0000000003F50000-0x000000000401C000-memory.dmp

memory/1788-2379-0x0000000004820000-0x0000000004DED000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\ioSpecial.ini

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\InstallOptions.dll

memory/1788-2474-0x0000000002FF0000-0x000000000303D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\ioSpecial.ini

memory/1788-2580-0x0000000002FF0000-0x000000000303D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\SkinCrafter.dll

C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\GetVersion.dll
