strela | 81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

3.9MB
MD5

81e69b29c4c09391a12b665e7661f48e
SHA1

b103b694d12544c9db444badd9e2263d219698b1
SHA256

81e45c1e6d6a718624159e116e6daa8c1547f39bef7f56163303e7eca8abfae1
SHA512

5476b9fa6967aefcb73793c965224c93d2ab46268830fcb71c69bc864e22e0cb92512959fe7a728ee77c2bde00e3ce9eda64d015ff1ef34273292707680c0042
SSDEEP

98304:QhVVJqioKMFh1qKsbZcMgsGwNmlCNE4CJgcMyfQP/4:QhV1pMzHQCMFGImHgcM54

Score

10^/10

strela discovery stealer

Malware Config

Signatures

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral1/files/0x00090000000162e3-26.dat	family_strela
behavioral1/memory/1644-27-0x0000000004630000-0x0000000004BFD000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

Executes dropped EXE 2 IoCs

pid	Process
2368	uninstall.exe
2144	Au_.exe

Loads dropped DLL 11 IoCs

pid	Process
1644	setup.exe
1644	setup.exe
1644	setup.exe
1644	setup.exe
1644	setup.exe
1644	setup.exe
1644	setup.exe
1644	setup.exe
1644	setup.exe
1200	Process not Found
2368	uninstall.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gdiplus.dll	setup.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	setup.exe
File created	C:\Windows\SysWOW64\mfc71.dll	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\11.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\4.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\7.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottom.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Background.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\12.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Sausage Fattener x64.dll	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\14.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\16.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\BigKnob.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottomAlpha.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\4.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\11.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\1.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Sausage Fattener.dll	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\15.bmp	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\2.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OverlayKnob.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Wheel2.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottom.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\5.bmp	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Sausage Fattener x64.dll	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\AboutBox.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\RedLight.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\8.bmp	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OrangeLight.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\13.bmp	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\12.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\8.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\16.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\uninstall.exe	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\3.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\9.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Fonts.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Fonts.dat	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\5.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\6.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 64.dat	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottomAlpha.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\10.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OverlayKnob.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\2.bmp	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Sausage Fattener.dll	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\10.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Background.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\uninstall.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 32.dat	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\9.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\RedLight.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 64.dat	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OrangeLight.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\BigKnob.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\GreenLight.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\6.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\3.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\14.bmp	Au_.exe
File opened for modification	C:\Program Files (x86)\Steinberg\	Au_.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\1.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\13.bmp	setup.exe
File opened for modification	C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\AboutBox.bmp	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	uninstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Au_.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019650-260.dat	nsis_installer_1
behavioral1/files/0x0005000000019650-260.dat	nsis_installer_2

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1644	setup.exe
1644	setup.exe
1644	setup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2144	2368	uninstall.exe	39
PID 2368 wrote to memory of 2144	2368	uninstall.exe	39
PID 2368 wrote to memory of 2144	2368	uninstall.exe	39
PID 2368 wrote to memory of 2144	2368	uninstall.exe	39

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2992

C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\uninstall.exe
"C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\uninstall.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\1.bmp

Filesize
132KB

MD5
cd5ff562751a97fe101a67e771ba502d

SHA1
40ab4ef194902fed97926363fe6f82f3ddb905c0

SHA256
acbb674a36c859af77de0aa1d3d95c1cedf000e54febb31020e6f938194ffc6b

SHA512
4d8d1bce35189b6b20e478330e9d94c5b4863446366da8bfebd5e29303ea2560c1749c00ea181716ef9b873d19f7bb0b0b67217bf33fbcf14ef06034eb93da2f

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\10.bmp

Filesize
132KB

MD5
315fbe95e7b2a86b874b197fbdf15849

SHA1
1cfb80ce65a3ec7797a236bd21c5de45ff49ffaf

SHA256
ffa4a594d09f8faad81a30ba0999692530b1c248939328c57781ccae55129536

SHA512
d0ed7b6cac55509e08dcfb6ce4bfef8da2945cab9372e0e044297fd21f8d9a74fcb601bf8faf2e97d1350bbf9363d3d25421da34747a7a2dc7660c8b3be253b7

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\11.bmp

Filesize
132KB

MD5
8379b1c3d19f3648f9236187e16149e9

SHA1
d1d4ef0d7071ac00c8d3abae6b79d8ebf2798452

SHA256
fd3a02f023176a6ae82935f00f72fa13d42be28d58eec0422b9783184ea852f3

SHA512
1822e9eb3c1943d0a6e78a78d6920db26f92257a5a368e5524162c65c08eada27a4d7fdc1714279910665189398ebe510e1e4d982bedb4915d75ce9f825b215b

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\12.bmp

Filesize
132KB

MD5
ba19c720c62fb04a6d0687763eb3f0f9

SHA1
80ca6d7bda2b287c87d36ad2535bf9ffb5bf00c2

SHA256
67c1e8f97cb11fe2d5d658e994682dcb9b81ec73ee221e2d704bff5da8f7a360

SHA512
298128377ca05e88fd5000725e4871ffb81f0b49de805552c7fc205b48a1739a64cfe246f360186259322ed162fb31320fe4f7f511b0f106677e0eb8c7ed84ce

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\13.bmp

Filesize
132KB

MD5
a0e8b1c81ddc511fcb5310c5deee8e9b

SHA1
88f9b448d7f5ca3a00b36b06e25fbbe94ca0a451

SHA256
f329a87886a84e7d36a03ab620221ce2e5909bf595210a0a70e62065b68bd458

SHA512
3e7b08f44e8534b2208c37e8f78fc91831ef7a7f9e634577b40be3ba970141437565182e2fb5f659fceedadbadf1bb562db351a95c4ce531913a72ea35cef272

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\14.bmp

Filesize
132KB

MD5
22fcb3ea5ee2414880ef094b6b965c94

SHA1
dbfb1cbb08981fdd3878faf4179f5fddf67a4a9d

SHA256
9058e0d9ea998c21309757586d30b0e5378c0c1904ebc2d95bf01223ddba269c

SHA512
f104e05e5fff7ea1b5e7e983ed8185ee5fcb3d5affe07f9d60663b61027c4de76743b4b67d21578de7f35eca75d953a8182c7d3330c2ec65966cca6a4363c294

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\15.bmp

Filesize
132KB

MD5
db6d2dbb0a0f2836f725f942453b29ec

SHA1
83448f73bb9104178ab354128e47a239b1abdeba

SHA256
46ed9e0e6d46d8840fc3771c5b8b5a9457d91e0a994e72a8289481dcf4a83c32

SHA512
5542a2a8dcaf436d2610cf685a2760bcc93d077086658cffe2361f3da0fae5f5f76a1761034cea5f8e9ac1151944bafa726761213acccf012bd01ba38f4d5ed4

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\16.bmp

Filesize
132KB

MD5
74963a0e21b0a442f0e327a9e83fcf02

SHA1
4aeba2036721e7d73a346c295eb436067c8d3976

SHA256
d2bf6a0edd77365e2593a2fa154a9a7e1c609111316e17538706d7d453cd5b43

SHA512
b5c0eadd8cebcfefa98b6080a51f1801233dd4f2e72b9df028fbcd571d046466ca9b7cf36172a524ff7c60820d40475a8e190d5bada901d3fd485e17c41daaea

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\2.bmp

Filesize
132KB

MD5
b983fb2e8d67378f2eead3af35a41276

SHA1
001d4dcdd316b285845f82743bc9353040365221

SHA256
5de6fac064d9897c7865b71528b0f4ee4375a9a1f94cfdd8ab355c17099ed75a

SHA512
c71980ee0466bf58518d914ac667516f484e991fcd03751536225ea76707e732f939e55c49137431f1d72417827339af6817ae2ef32098fe9af354c2619ecc3b

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\3.bmp

Filesize
132KB

MD5
a21bc00d83d44f8ac7a4025e352a9cdd

SHA1
b44314553d206c68f901e623227b257b9b1cf4e6

SHA256
91d0a751e34a1cdf6329bdab73d8c583a2600d359d4a6ee78e0a557a56d6825c

SHA512
928c5060e863c6ca2052cbd51d4a4bb0170b8f5499a0cd8c6434a5ffa3c1314cc557f17bc550d8e356687c943538462b854175452e873ec256e515ad5e20fbb4

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\4.bmp

Filesize
132KB

MD5
9ad72b8e9d020a07af384e0852b0ecd9

SHA1
8db3484a1d695a913b45e9970eaf9c945b8bf028

SHA256
3ffb2919fe2597e3ddc3e39922e44fb1a904af0dd715f30bea1de84136fdd4c6

SHA512
a08420200e5ebffe4f00868b8abc6172f17686719cb581afb12af6ce901cb074c1823f960bac66d50e2fa99fd228270774b5a41e1cbb14ce5fa63d996cfa37b2

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\5.bmp

Filesize
132KB

MD5
d659f87c193a47bdc497410bed0e443e

SHA1
12629ad7b5dfb0cf9134d7ba83f8693c897a2c58

SHA256
94f649cbb0e250d378b1f432b04faca475965e7de8a02535fc2a1f56890660fc

SHA512
0bfba7ee57c0df82b52501750a7f79af77fb7dc231621452c838456bfb43f183806b52098122780f3f94c715e65fa9e08f59836895714b5b0395bd1633b2010a

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\6.bmp

Filesize
132KB

MD5
f508f16cbeba970dc3929da448f21098

SHA1
245bdeccbcda280250a37617a497d9b3321978da

SHA256
719967864c4c6ed44a07ee40d9474047635f98ff970bdefc5229aaa4e2bf3bef

SHA512
87ab56a227998c8da0b4934b1f1029c187b86f20b7c2a83107edd58334642a478b93d54ca0f7aa09c5083060a8b59e4d5f2dbea3d289a791c920db5001029301

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\7.bmp

Filesize
132KB

MD5
39799c0964d71e02398c91c45a46f45c

SHA1
cecbae88c112059bb6503cfb0081f4e680798be3

SHA256
e2b22df0d33ba6fb7b3a3e766560c074b15a0357714430586034f3f26ff5deb4

SHA512
cdaa3bc6def877991b0c42466b8e0ae9674ac18c742610f0b4775e92fc2f5a142579f6e3c28acc04793981606d6f22a6bf57c720a575ee6e9be593f3a4c9113f

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\8.bmp

Filesize
132KB

MD5
ab990f0dd2ad493b807647e0cd25fd3f

SHA1
6bb429442e42f04eb5f1037fc73dc15fc35e44aa

SHA256
4f027fa514a301e6281d1cab0362eeb315df6c773a4c2d3974dbcb7dad74f655

SHA512
f0b96c5bb7d39c3260e33123c937c95b4c15ef9aab2d8dc6afbcb440a152806af0f63fcc2cd92950aa89b0c62c54bae5396b4f7816b4be4eaf8e5662da283aec

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\9.bmp

Filesize
132KB

MD5
dc1faf224db8690ec068079fb1fef01f

SHA1
beb18c46955e435ba33c7ef4c028e43cb08f05ba

SHA256
ba8ca656f0e81b8205ac3f4a3f944d61b7b1d988d7936b82d9143b8dafeed7fe

SHA512
b25654ac3775af1ab97673738a09d0122fca5ec201e5de6352c7fe87e37e3007f726852a182f1abf9e5009fb5370b6715b431cd7e4698350ecc8444ee0f46d82

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\AboutBox.bmp

Filesize
261KB

MD5
8d54f93d237afeac0f9a1f38419ec778

SHA1
d46781264b4d056fa2180ac4c8e514c192e6f813

SHA256
9f41ccadf3e51aeacb40aca9bf0a37a8f81cb5240e5d9d35bbfd85857125f0af

SHA512
a8c5fa1686bc508a417fda165c7dde3c09a9b1e12256be2b29d86f90373ac6221c3b05244687de0b6795555f508061db38f1bcfe7d96fca8b7c3dfd579b92f2d

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Background.bmp

Filesize
1.1MB

MD5
b0df33ef469eb32ac0361082ca79e24b

SHA1
48ba103f7396206de392311d3bd85890eef6ca1e

SHA256
cbc2262ac4da76d3eedec54f95f18b0bc6f8e070b673f7e1e1d38f0c4e0e1c2a

SHA512
3c8652c20327c5d73cd85e52c5773bcdb301dfaf03729db18790569a69245fb455641c52c454a2b696e40aeaff9a3f4ecdd6a4fb7626a8ee354a7d94c0df8035

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\BigKnob.bmp

Filesize
100KB

MD5
038308b664c7c730f28f6db0a9f4e5f1

SHA1
9535db7fa280882e827c2edd0c557547921b3ab9

SHA256
d0b440b71f97e14f9cdaa534daa3b6695c4639730be01fbb7d8643c4fe5c3d52

SHA512
6a13bf662b3fe4e138da744644547e3c7184502d3b7b0c68aafef40673748252f4d371c207d6c9a752eda719abd9dd76b440806cdeff3a746cbb1c6c76ed7777

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Fonts.dat

Filesize
417KB

MD5
9214d2202b9f4d8374668200f6be09e4

SHA1
049c8125e7e89385d79e14e6ddb48d297f1ccefe

SHA256
2e07347d0d6ca356a51fdaab611673c3748aabc73599edafc255af33a6d95664

SHA512
b0de7e0b7e52ed9aa546de79066b314b00fed40bed911afbdf9f75a4df75fe3611285ba9f51219b7ad5469f71f4a09a87949da2b6281a439e36f9f6a0570c229

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\GreenLight.bmp

Filesize
6KB

MD5
ac16658dc8cd56e5fcc586bc5ea00a50

SHA1
08a6fa7376251cd6a4f0989090fa6d7c5e4f314d

SHA256
dae8344797318866589485444c0fdc69bd708c69b975c82ce0ce949a8cbf221d

SHA512
ee15b3f29a916d54d58caef920fdf5a70d029c9e578ea71e8850c2962e0c41049c492a9e7870e3a6c17b5757d9a1851b5d6ebd4c772bce2d70739614c8ec90bb

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OrangeLight.bmp

Filesize
6KB

MD5
c599581a4a128aefe283fc78f0164fe9

SHA1
1dd263fcfad1d5b2054e9c670925ba88677a0822

SHA256
f961fce5458d40d996876c7c0802e0555f621d6a901cc1fb1560cf1ca362ad8e

SHA512
ddb5725bc3bfa52fe5c57525a949f8ef63b9fc437859e26b36a95b98b7e9ec61a05ddc8942b6a80052e33af42e19a71685a3e0da243b136d8bc5bbfde19ee3df

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\OverlayKnob.bmp

Filesize
100KB

MD5
abff5a6d250d20116dd3539922ad60c0

SHA1
7a9216973e5b7a8003ef4df16e7cf0e43f638a70

SHA256
6418a8be1d341df869be125fee4a4530dd8b2fed02133c318525ae903d231c75

SHA512
e53e3b1fabc1d2519780a3c4c089e8622853325785d7cb77fac4fef480abcef89870c757cccd50ce9089544f76d77888955dd0e507bf5bff948d3d239780a494

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\RedLight.bmp

Filesize
6KB

MD5
674ab57e3f97ca76ac9d3face6689e41

SHA1
350ebd0d9d23ac753198d833a24953c106d0c556

SHA256
8663024c93b4d2379401bb178db9be8c9beb427d3c231ac6876cd70731d0f45f

SHA512
bd466b46a5839c7957eba5d717163f20cb9f8ccd1a9f201b1c334a4df88cc00b0418de6168f31366655a1b2798cfd03435dae8a1d696852db336f9aea7401df3

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 32.dat

Filesize
845KB

MD5
69d6f94235a27ef0e06544e9ce0d632e

SHA1
ea92ea58a7db386092a868eea87949fc5d8fa626

SHA256
662c308546fc42506073e1f12d38252f7cdaad888e13ee4cf109d062ac609955

SHA512
39432cea09d8a9921176f14aaae140ce6638c8321f5fe3808616152dc84473bcbfd0215150632d6cfc32f78c7419576a20d5e00f19507018f7de88761e577ea3

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Sausage Fattener 64.dat

Filesize
745KB

MD5
54796ccdb2d6031b2e0d1259e534caac

SHA1
5c46b4ee988900a2da2a0a60314ac45ac265c9ef

SHA256
59b707eefe8286a9468d8ddb4cab4fc5ad4090ef21d68f4c57a3da2c9a5df58d

SHA512
d3fc2c18f431bb7a7aa08ebc70026409363700bc509c22e53d12e14e480fb9096cb0e583cead0e882ebeb21c1b29e7655d86bad65a041b27c377404fe41c186a

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottom.bmp

Filesize
86KB

MD5
34af6f4249eabf73d03f18404d4e279e

SHA1
e60617c8e9cbad6773d29e45b9dd361f1646a3d8

SHA256
223283d885aa71d8e1ff73f02c4df8d6d40c6b2c9b371c984a5ffedfc9244ced

SHA512
cdb44bf28b005c5b8220ab5bcedc8bc49b6962e96840048b700073eafba8faf0b9b637ce9bd8d3018ef01a053a696a43ba63dd616c554579348519da29ac061a

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SausageBottomAlpha.bmp

Filesize
86KB

MD5
a2ee9a815337bff1292f9dfb707c0858

SHA1
06069c862f101e6767950aa9f991f6087cfa6a53

SHA256
040fc672e445e01866ba76ad0c9aca0039b6d96ce574b61d79cb4089b48716de

SHA512
807246e5565f369ac94f080047859809d65c86c80833270ca0b1a560ad259dfd8ac2c7e007bb91cf90ff6c74d61c92db51eba8c2e2d5a95c6955d6381ef43dc2

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\SmallKnob.bmp

Filesize
1KB

MD5
74d08b6908b10f665a2782e099d8137e

SHA1
c10238fc58d698334917276d1e2380cb86e47ada

SHA256
3c12dbd602c83761453ad6e83273c75dcd16e72e254fcb0b5874c9112d7fcf44

SHA512
d0e7e5451bec6824d95545d6f4aa2a34894a3aca5cb28ec082b5f8f95e164e3f5b0dc6d1c503c91473cbb3f465f20fff228bd1a6b01991a2e823d9554499eba9

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Resource\Wheel2.bmp

Filesize
53KB

MD5
53ce88ab4c2136c751b33526ed11e617

SHA1
aa101ca595414bd291ea1a4da2d295d654cc6445

SHA256
d14b8d4dae6875bfc11d2501c9bb972770d91164f7cf503b4477fa275b3d91b5

SHA512
a593b9df9e49de8bae1e2cef19ba7dd9ae75b56b818a1346557e5f82b85e09b913381be20fc94c2a6629222228bcad14072ea07325dee3ac260cd2af08cdfb64

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Sausage Fattener.dll

Filesize
95KB

MD5
52e95d9e2e0cfc550ce4e40f1d686480

SHA1
59984bb6becc0f6084851b623f0f2c4bbc901fe1

SHA256
42349ce1da21c41e2f72641a76d64fca1a7c7f6c405a50d331c581d2fbf10f76

SHA512
95b59db3be017ba7486dc774d80af1bc55e50dfcb86b918f266d4db77fc88061b84ba77fd1682a2af81e49608b23ffa4153763a264c85078b32d399b6ebffd03

Download Submit
C:\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\uninstall.exe

Filesize
38KB

MD5
4d80cf1dcb4050035ababe91073376ed

SHA1
66479ddbc4426fb45a526d7a6fb1df1ad09eedde

SHA256
09511049b3b5d519bd9ad7fffe29fbae5bde288364e69cff6490a64d6e4f601e

SHA512
972bddb89968cb422c6e35aad471b3ca262a40169ff624a207d5a4053efd211251fa04f6381a34230163d0a22239897e751b24dbfa8390444ffe77b7d3c261cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\Bass.dll

Filesize
101KB

MD5
a8af308ff01b4477657955fbf0cc8408

SHA1
0794c059f0326e4a71be8a3ee4ac17a657d90d88

SHA256
14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

SHA512
9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\ioSpecial.ini

Filesize
572B

MD5
12ab2f019cf5a9efa09b084f1177c815

SHA1
6c32ef1e6683690d0bea3e9362d9946755bb2724

SHA256
bcad77d1b7e7eeaca8f68b031e30e6fd02b30e559353a8bcf86636503f2bc050

SHA512
23bfc3ace979acd323fe2fed56834591de714079364aefe3a92e34c84a495e688ccaf62f08c6510cb160c77b3a05f78d0586868c4734a339413dc45ba10e921a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\ioSpecial.ini

Filesize
710B

MD5
66f13813caf15cb1e98388b875c8dd49

SHA1
24e7771fbf6543bc87dc8b12c244f62b3dc0fc1a

SHA256
fdcbcc53369d6d3f6c00ac04d2668b0da8462f7085983001eae207d872f893eb

SHA512
86b442482ce159eb0873d307981fd640be7d56b1721922ff60981d326968cbc1be93d07967783283a4bfe4a7cfe0c147a1f553e20e81e2484f16374ae187e165

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dada Life\Sausage Fattener\Uninstall.lnk

Filesize
1KB

MD5
974634c90d3e3ce941226f6709623512

SHA1
55bade254ce7a86c41353fccbc38f36c7e52efcf

SHA256
3ee0b373f3f83f1ab82c472ec3750c2df2d640341268a1319075664b6c20b441

SHA512
165d71c760589ff675e287ac7c5c7ee98d9d73ca6f208d0c35fcb9b7fbb63a24867d217eeb07aa031400ee6d9481a80c9d7db64752aa93ba01ea2b885b5c77dd

Download Submit
\Program Files (x86)\Steinberg\Vstplugins\Dada Life\Sausage Fattener\Sausage Fattener x64.dll

Filesize
92KB

MD5
8d7608fa89581b1fb6f35c48a6f110ec

SHA1
9741b557de8207c934b81e00983eeba1f71e1f7b

SHA256
7ef161e760e967040516a79d961bd137fb12a54753dad80d16caf26fc2421994

SHA512
e962f63c38bb37b65d0adbfd5020243f2bed6cffebb40c61c8ebaa43d8ae1e58e7f8d51a77c28c56046a4c7f03c65440e30f59ac6f8ae05141254228b2fc33e4

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\AdvSplash.dll

Filesize
6KB

MD5
13cc92f90a299f5b2b2f795d0d2e47dc

SHA1
aa69ead8520876d232c6ed96021a4825e79f542f

SHA256
eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

SHA512
ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\GetVersion.dll

Filesize
8KB

MD5
e013b625f5ae1e2f0b442cf39c0069df

SHA1
9ec785b63279144c091366badda65278c4cdee20

SHA256
16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15

SHA512
306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\NSIS_SkinCrafter_Plugin.dll

Filesize
5.8MB

MD5
028251654a4d65509aa8ccb5f2ee284a

SHA1
4a4ad468a86df6b903002be4f8919017fea0c152

SHA256
8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe

SHA512
f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\SkinCrafter.dll

Filesize
792KB

MD5
8fea8fd177034b52e6a5886fb5e780bd

SHA1
99f511388a2420d53b8406baed48ba550842eaad

SHA256
546dddc7a31609b5bc3dc8ecef6f6782b77613853c54171fc32314c08a69e8de

SHA512
5d82a3b9cf9d69049e6278a6d835b8a9a386c97ae9a69cf658675b0a8751a344d0da1ee704e9bb9023dab7cd77fdca684bdc90837960b583eef0bb4324498696

Download Submit
\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Windows\SysWOW64\mfc71.dll

Filesize
1.0MB

MD5
1fd3f9722119bdf7b8cff0ecd1e84ea6

SHA1
9a4faa258b375e173feaca91a8bd920baf1091eb

SHA256
385ea2a454172e3f9b1b18778d4d29318a12be9f0c0c0602db72e2cce136e823

SHA512
109d7a80a5b10548200d05ab3d7deb9dc2ae8e40d84b468184895eb462211078ecdcb11f01eb50c91c65a924f8e592cd63b78e402dcaea144ff89c11f2ab07d6

Download Submit
\Windows\SysWOW64\msvcr71.dll

Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
memory/1644-27-0x0000000004630000-0x0000000004BFD000-memory.dmp

Filesize
5.8MB

Download
memory/1644-36-0x0000000004C00000-0x0000000004CCC000-memory.dmp

Filesize
816KB

Download
memory/1644-42-0x0000000002870000-0x00000000028BD000-memory.dmp

Filesize
308KB

Download
memory/1644-121-0x00000000028BC000-0x00000000028BD000-memory.dmp

Filesize
4KB

Download
memory/1644-120-0x0000000002870000-0x00000000028BD000-memory.dmp

Filesize
308KB

Download
memory/1644-14-0x00000000028BC000-0x00000000028BD000-memory.dmp

Filesize
4KB

Download
memory/1644-13-0x0000000002870000-0x00000000028BD000-memory.dmp

Filesize
308KB

Download
memory/1644-124-0x0000000002870000-0x00000000028BD000-memory.dmp

Filesize
308KB

Download
memory/1644-125-0x0000000002870000-0x00000000028BD000-memory.dmp

Filesize
308KB

Download