Analysis Overview
Threat Level: Known bad
The file https://getintopc.com/softwares/audio-processing/dada-life-endless-smile-sausage-fattener-vst-download/ was found to be: Known bad.
Malicious Activity Summary
Strela stealer
Detects Strela Stealer payload
Downloads MZ/PE file
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-17 10:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-17 10:50
Reported
2024-07-17 10:55
Platform
win11-20240709-en
Max time kernel
300s
Max time network
299s
Command Line
Signatures
Detects Strela Stealer payload
Strela stealer
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\msvcr71.dll | C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe | N/A |
| File created | C:\Windows\SysWOW64\mfc71.dll | C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 125429.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6568 /prefetch:2
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar"
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe"
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe
"C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe"
C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe
"C:\Users\Admin\Desktop\Dada_Life_NO_INSTALL.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6183020802563734073,15265374021511043483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_Getintopc.com_Sausage.Fattener.VST.v1.0.x86.x64.rar"
C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe
"C:\Users\Admin\Desktop\Sausage.Fattener.VST.v1.0.x86.x64\setup.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x000000000000047C
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1fe10b6cb6b345a095320391bda78b22 |
| SHA1 | 46c36ab1994b86094f34a0fbae3a3921d6690862 |
| SHA256 | 85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239 |
| SHA512 | 9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a |
\??\pipe\LOCAL\crashpad_2404_YJGJBLNTWPLTPGET
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | caaeb604a99d78c4a41140a3082ca660 |
| SHA1 | 6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97 |
| SHA256 | 75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6 |
| SHA512 | 1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d474a2c0a1d4ebfc50ec33add4883e1 |
| SHA1 | 448123522938f8cb9210627f052d5d7f6a0a08fe |
| SHA256 | c79e3f2f71022378b0ce4253e07e41ae1f7f49b3f400d7d363aa432aae1cf009 |
| SHA512 | 4a3df528142c77c509fb96dacb58f06f3897ec9bc12b59176e6264c6f92d5393bd86dbe43a9eeeedca07f757e8a517ccded9360e46ba4a71e91d1abe61ce9e50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6d7a0fa7d54c87bc042098b77360271f |
| SHA1 | f4c5cf8cba3525d46634ed406f7cb3fe09cc6ad1 |
| SHA256 | 785ac1cf1d23c639a4e00d4376eb25d0ca03308226f15c50643619e16f6e80c6 |
| SHA512 | 13b5dcd3a91f7ed58097c0818a80732a2673511fe980588a88a18724d9dfab677cd279542d5ca3167d260c03167dadfd39966b850b31b60f341c497a44d350e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49bb32ab3ceff7123c587671555aadbf |
| SHA1 | 98dba09cb33cea47b0cbfcce17a9f7aaa479c370 |
| SHA256 | c4e7651e2e53e6b4864fb53ce91f0cd602f080b5895a27f0355514079ec11221 |
| SHA512 | c5070e2bbc5f284bb02764f6f2f7a5017f5dfa87e5f0e90036555ebe900b6eba502c25d4631d81ef5df6c711f05cc1ba4ea75dec73af1c2214c0eff699700bfe |
C:\Users\Admin\Downloads\Unconfirmed 125429.crdownload
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7d651b53e1cc398e97f52f39d6b4ae5e |
| SHA1 | 4689e15da1674794cb64ccdc31833a8d4140eaf6 |
| SHA256 | 120a83b4fa07e44da0524988a96637274fd92ab1fc6fb982e45756889b970c23 |
| SHA512 | 2f77e118c2bb733cf43d3f23cf5723b5e5981d90d5f1d4f586db8379ee193e320d79a07e476732c8e4d7c581257033a7fd9002f7168ae820d54f6758b1e0fb0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583c0a.TMP
| MD5 | eb5a52aafb634f4681e78e36673c0b16 |
| SHA1 | eec0f670674f627e807b1705b076b867c2d3e693 |
| SHA256 | f5d6260c06aafd52b2d64d175ee35b47c850dbaa849b5339b6a3866cb57edb41 |
| SHA512 | 259c57b576bc9324e4392803d654412557d089c2a2f32390ff7416c80653a36589f7556154239cc8c76f30194afeae1efaa9e66258f5679266cedb0bbda7492a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c4bd0a0cd8b7d423c60ca730f66d8e3 |
| SHA1 | 353ee1042e8ee0742315a7d96d990b7785db437e |
| SHA256 | bff5f4ad0813b476e65db6678dbf5008e1b383c58619e852983947839e9dc1a9 |
| SHA512 | ea0756e78da8a85fe276959afe277e016595d9cbeed8152cedf096405e974d84381be73ce9ecf2f1761f5f3dd5c572b60fbdf68d0a2f02813426261275d33d20 |
C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier
| MD5 | 029330768a433c4996af04fe3e27604f |
| SHA1 | 19401828a1b580c5f20235ad48fc4cd5d41f9726 |
| SHA256 | 73abd10179bfd69a42a315e1ba698b309f667e6b089a23e108c2c2e94e4325d4 |
| SHA512 | 5bae77e27ee9d5599268b0c2416094d28f3bed027d1cd95483f9bfe180f9e76eda383add1e508aebf588d52288c06d4cdba64378a701da0b12fb15ae5125e560 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4f62fed1920369b9c3d5b1f233abfc30 |
| SHA1 | cd34c377693f6a3d3d9b18e920c40c405efca9ee |
| SHA256 | 7a162411cc07e339efd95fbb1d37bd56a339c848f331ad72e44c2e5294059419 |
| SHA512 | ee15d6bf4f51f9c2c86f5fde4585a16b72fde3e7142c5cb3f9f33892c83e47147b7d8004ff4b3bcb1751c95336f11d3950ce236dfda34528d01331ebcd7787d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | 7f8965bc4a6541189bb000b832b3ba4b |
| SHA1 | 2cfc6a12844c3ec89d571ec5d87cdd5a0cdc26ad |
| SHA256 | 57e9504e17918efff5f382ae00f64cf1203fbc3190adc3774f43f49a883a16da |
| SHA512 | 7763d57e238ff0cf43550cada4c6d941a673e0e9ce8020e0b6b1a99af54217c7180c2354edf9138cd50461c07de5e0ad09527e3fc7ef87a73003ac3847dbf306 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 03e34024a397faaceee5b2fdbcd0d68b |
| SHA1 | 91bee1c5001d5b5a84069b7e98d03fee4d9f195c |
| SHA256 | 1b5461aff87f416b8dec026f7adc378048016d75260b8516bca70803406f5f6d |
| SHA512 | c996f09f983fff864d2ed67e4945a7476f92d91cb5fd44e7796b94d1fe9cb086ed256ebe648160c4f469e256799ab370032adeba9954ad2d59d4f19491b54423 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6116dcf0da6aa663d2f1d4a6ad968e6 |
| SHA1 | e7dd8a9884acae8d574c19fe99ffef369e2618d0 |
| SHA256 | 914e172d4f6cf9d74e0e1cbb06a646daa90827af44e56a6aafadab5a64833c4f |
| SHA512 | c385f8b91f01c4c33857494c85430a7d1ce67ab08db84e236499f3cbbc0232b6b5568bfd9f840347eeb7d66de6476a51e9e1c4ecc45d956795e166a5f3e86645 |
C:\Users\Admin\Downloads\Unconfirmed 496793.crdownload
| MD5 | 1e680f54e25df306174dd9357fd88890 |
| SHA1 | ee45327f5d7c79bd4c0e9a192b3749c99734011e |
| SHA256 | 4637889c0a990ed53b4725c209fdc91060ad649a679bb10f4cf1f4e67ecdaf04 |
| SHA512 | e5508cdfb1dc5d841146ebafe504617f35c287b12b03e317d5af978190cd62884716e5fcf74ebbe7e4ae8233be5c5b4d1a9131fcba5c8a4ce7ecc06bcad0a971 |
C:\Users\Admin\Downloads\_Getintopc.com_Dada_Life_NO_INSTALL.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 61fce4cc4c6eb6dda7950c7d7f3421c9 |
| SHA1 | 5e07eb8fe9618fe0ed8eae2dd1a6203755fd328a |
| SHA256 | 2b0d933d4b2cc8d0d0ec3390beae79d34231fe4c04f74d09bd9bb645fafadc58 |
| SHA512 | 92592a12a986c516d74b70495722fbfd3cf3aadb503bf3b06c9f68263546e0687f7229d4838d0b1bad133d2baa0d9c40a3a5b27dad9fc6cb9959ce1f6481ccd6 |
C:\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Program Files\7-Zip\7zG.exe
C:\Program Files\7-Zip\7zFM.exe
C:\Program Files\7-Zip\Uninstall.exe
C:\Program Files\7-Zip\7z.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
C:\Program Files\7-Zip\7z.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada_Life_NO_INSTALL.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\2.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\7.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\1.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\4.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\AboutBox.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Sausage Fattener 64.dat
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Wheel2.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Sausage Fattener 32.dat
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\OverlayKnob.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Fonts.dat
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\16.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\13.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\SausageBottom.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\5.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\14.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\11.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\(Original)\Resource\10.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\SmallKnob.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\RedLight.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\OrangeLight.bmp
C:\Users\Admin\AppData\Local\Temp\7zO0A12772A\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\GreenLight.bmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\BigKnob.bmp
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\OrangeLight.bmp
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\GreenLight.bmp
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\Background.bmp
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\RedLight.bmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\15.bmp
C:\Users\Admin\Desktop\Dada Life 25.01.2018 NO INSTALL.txt
C:\Users\Admin\Desktop\C\Program Files\Dada Life\Sausage Fattener\Resource\12.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\DADA Life Sausage Fattener by COLOVE Products - YouTube.url
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\BigKnob.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Green\Resource\BigKnob.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Green\Resource\Background.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Blue\Resource\Background.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Readme.txt
C:\Users\Admin\Desktop\UnReg Sausage Fattener.reg
C:\Users\Admin\Desktop\SymLink Installer.cmd
C:\Users\Admin\Desktop\SymLink DeInstaller.cmd
C:\Users\Admin\Desktop\Sausage Fattener.reg
C:\Users\Admin\Desktop\INFO ONLY\How to replicate Endless Smile plugin by Dada Life in FL Studio - YouTube.url
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Voidtools Everything Search Engine.url
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Symbolic Links - Link Shell Extension.url
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Offical Pro Audio Release Log.url
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\Microsoft Visual C++ 05-08-10-12-13-17 Redistributable.url
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\KRock-Studio Audio-Museum.url
C:\Users\Admin\Desktop\INFO ONLY\HELP URL\AudioZ.url
C:\Users\Admin\Desktop\INFO ONLY\HELP CMD.doc
C:\Users\Admin\Desktop\INFO ONLY\FoldersTree.txt
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Red\Resource\Background.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\BigKnob.bmp
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Orange\Resource\Background.bmp
C:\Users\Admin\Desktop\INFO ONLY\Dada.Life.Sausage.Fattener.VST.v1.0.x86.x64-ASSiGN.nfo
C:\Users\Admin\Desktop\FoldersList.cmd
C:\Users\Admin\Desktop\Existing Folders.cmd
C:\Users\Admin\Desktop\Dada Life Sausage Fattener by COLOVE Skins\Red\Resource\BigKnob.bmp
C:\Users\Admin\Desktop\C\Program Files (x86)\VstPlugins\Dada Life\Dada Life Endless Smile.dll
C:\Users\Admin\Desktop\C\Program Files (x86)\VstPlugins\Dada Life\Dada Life Sausage Fattener.dll
C:\Users\Admin\Desktop\C\Program Files\VstPlugins\Dada Life\Dada Life Sausage Fattener x64.dll
C:\Users\Admin\Desktop\C\Program Files\VstPlugins\Dada Life\Dada Life Endless Smile x64.dll
C:\Users\Admin\Desktop\INFO ONLY\C\Windows\SysWOW64\mfc71.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\Bass.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\AdvSplash.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\NSIS_SkinCrafter_Plugin.dll
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\ioSpecial.ini
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\InstallOptions.dll
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\ioSpecial.ini
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\SkinCrafter.dll
C:\Users\Admin\AppData\Local\Temp\nsnF886.tmp\GetVersion.dll