fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e

Analysis

max time kernel
105s
max time network
100s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13-07-2023 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winamp_latest_full.exe
Size

12.4MB
MD5

39b72e2cbf2fb8da961538de3e892eba
SHA1

237ce8611cb8e2ede8a5d6b982597f7e93b2cd81
SHA256

fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e
SHA512

36e8b9d759d960390e8f1b4ac420d591204cb95a776be668db365c453cb702cadee9b34c03779044fdc04c2d2929ac542e01bba50094f8352e2724a082611b59
SSDEEP

393216:udNH1gz1+ZUUG9NWpHYV6ohIBfqHts7UU2wP3:udZk1vUG964V6ysUs7U/u3

Score

8^/10

discovery evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 5 IoCs
evasion

Modify Existing Service
T1031

Processes:

netsh.exenetsh.exenetsh.exenetsh.exenetsh.exe

pid process

2724 netsh.exe
836 netsh.exe
2820 netsh.exe
872 netsh.exe
1604 netsh.exe
Executes dropped EXE 3 IoCs

Processes:

elevator.exewinamp.exewinamp.exe

pid process

2956 elevator.exe
1088 winamp.exe
552 winamp.exe

pid	process
2724	netsh.exe
836	netsh.exe
2820	netsh.exe
872	netsh.exe
1604	netsh.exe

pid	process
2956	elevator.exe
1088	winamp.exe
552	winamp.exe

Loads dropped DLL 64 IoCs

Processes:

winamp_latest_full.exerundll32.exewinamp.exe

pid	process
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
2292	winamp_latest_full.exe
1720	rundll32.exe
1720	rundll32.exe
1720	rundll32.exe
1720	rundll32.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe
1088	winamp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

winamp.exe

description ioc process

File opened (read-only) \??\D: winamp.exe

description	ioc	process
File opened (read-only)	\??\D:	winamp.exe

Drops file in Program Files directory 64 IoCs

Processes:

winamp_latest_full.exe

description	ioc	process
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar + Geiss - Snapshot Of Space (LSB mix).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN - breakfast cruiser.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\buttons_switchto.png	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi + Martin - dive.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Swirlie 4.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\textures\smalltiled_colors3.jpg	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\fmt.dll	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - mix to mono.sps	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\data\comp_ps.fx	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\data\comp_vs.fx	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Unchained - Quine.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\System\xspf.w5s	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\tabsheet\tabsheet.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Che - Terracarbon Stream.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & AdamFx + Eo.S + Flexi + Geiss + Phat + Rovastar + Zylot - Fractopia Kaleidoscope.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\xml\ml.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\justin - joy.avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Zylot & Krash - Snowflake Halo (Ice Cube mix).milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN - toffee cream and icing sugar.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\cockos - variable length delay.sps	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\Scripts\standardframe.maki	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Bento\window\menu_play.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Bento\xml\notifier-normal.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rozzor - Learning Curve (Invert Tweak).milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & fiSHbRaiN + flexi + Geiss + shifter - Stonecraft (Beetle Relief mix).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\ml_history.dll	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\ct_bg.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\seekpos.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Community Picks\Duo - Hash the Planet.avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\Eo.S. + Phat - cubetrace - v2.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\Rovastar - Jester's Calling 2.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Bento\xml\notifier.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. - glowsticks v2 03 music shifter edit b (Stahl's Reactive RMX V2i2 - feat. flexi + phat).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - strangely dynamic world.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Martin - liquid arrows.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\colormap.ape	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\fck - checkers with metaballs (skupers remix).avs	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Airhandler (Principle of Sharing).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Forum collaboration thread - second try #6 [Goody(2), Stahlregen (3), fed (1)].milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - simple delay.sps	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\browser\icontextbutton.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\standardframe\standardframe.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\scripts\videoavs.maki	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Fvese - Rebirth.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - hardcore mix 1.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Hexcollie, Flexi + Adam - Julian Sploosh.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\martin - Thinking about you.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\button_mute_bg.PNG	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\scripts\notifications_fade_times.maki	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Ert (Wary Mix).milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Motion Blur 2 (Stahl's Neon Jelly 2 RMX).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\winampFLV.swf	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\martin - starfield sectors.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\System\wac_network.w5s	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Inkblot.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\martin - mucus cervix.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - cell tissue.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - jellyfish jam.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - predator-prey-spirals [stahlregens gelatine finish].milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\scripts\visbuttons.maki	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\texer2.ape	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Krash + Geiss + martin - War Machine (Stahl's ultimate Mash Mix).milk	winamp_latest_full.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

winamp.exewinamp_latest_full.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VOC\shell\Play\ = "&Play in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MOD\ = "ProTracker"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MOD\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MED\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MUS\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PSM\shell	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PLM\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SWF\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\shell\ListBookmark	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.CAF\shell\ListBookmark\ = "Add to Winamp's &Bookmark list"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RF64\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SF	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.J2B\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MMS\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\shell\Play\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\shell\Play\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\feed\URL Protocol	winamp_latest_full.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NSA\shell\open\	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M2V\shell\open\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DSM\shell\Enqueue\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DTM	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.UMX\shell	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DBM\shell\open\	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AVI\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.CAF\shell\Enqueue\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.CAF\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.HTK\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SD2\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.W64\shell\ListBookmark\ = "Add to Winamp's &Bookmark list"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XI\shell\ = "Play"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.IMF\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PSM\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.GDM\shell\open	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\shell\open	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FLV\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\ = "Windows Media Audio File"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\Enqueue\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RAW\shell\open\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SFX\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.GDM\shell\ = "Play"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.m2v	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XMZ\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XPK\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\audio/x-scpls\Extension = ".pls"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.LangZip\shell\Install\ = "Install"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\shell\Enqueue\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AVR\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PVF	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FAR\shell	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OXM\ = "OggMod FastTracker 2"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpk	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.flv	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xm	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FAR\shell\ = "Play"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MMS\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STK\shell\Enqueue\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STP\shell\open\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OKT\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP2\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP1\shell	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AAC\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RAW\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wav	winamp.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery
T1018

Processes:

ping.exeping.exe

pid process

1172 ping.exe
820 ping.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

winamp.exe

pid process

552 winamp.exe
552 winamp.exe
552 winamp.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

winamp.exe

pid process

552 winamp.exe
552 winamp.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

winamp.exe

pid process

552 winamp.exe

pid	process
1172	ping.exe
820	ping.exe

pid	process
552	winamp.exe
552	winamp.exe
552	winamp.exe

pid	process
552	winamp.exe
552	winamp.exe

pid	process
552	winamp.exe

Suspicious use of WriteProcessMemory 43 IoCs

Processes:

winamp_latest_full.exewinamp.exe

description	pid	process	target process
PID 2292 wrote to memory of 2956	2292	winamp_latest_full.exe	elevator.exe
PID 2292 wrote to memory of 2956	2292	winamp_latest_full.exe	elevator.exe
PID 2292 wrote to memory of 2956	2292	winamp_latest_full.exe	elevator.exe
PID 2292 wrote to memory of 2956	2292	winamp_latest_full.exe	elevator.exe
PID 2292 wrote to memory of 2724	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2724	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2724	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2724	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 836	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 836	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 836	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 836	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2820	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2820	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2820	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 2820	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 872	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 872	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 872	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 872	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 1604	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 1604	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 1604	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 1604	2292	winamp_latest_full.exe	netsh.exe
PID 2292 wrote to memory of 1172	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 1172	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 1172	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 1172	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 820	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 820	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 820	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 820	2292	winamp_latest_full.exe	ping.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 2292 wrote to memory of 1720	2292	winamp_latest_full.exe	rundll32.exe
PID 1088 wrote to memory of 552	1088	winamp.exe	winamp.exe
PID 1088 wrote to memory of 552	1088	winamp.exe	winamp.exe
PID 1088 wrote to memory of 552	1088	winamp.exe	winamp.exe
PID 1088 wrote to memory of 552	1088	winamp.exe	winamp.exe

C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe
"C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2292

C:\Program Files (x86)\Winamp\elevator.exe
"C:\Program Files (x86)\Winamp\elevator.exe" /RegServer
2⤵
- Executes dropped EXE
PID:2956

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
2⤵
- Modifies Windows Firewall
PID:2724

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
2⤵
- Modifies Windows Firewall
PID:836

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram program="C:\Program Files (x86)\Winamp\winamp.exe" name="Winamp" mode=ENABLE scope=ALL profile=ALL
2⤵
- Modifies Windows Firewall
PID:2820

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
2⤵
- Modifies Windows Firewall
PID:872

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
2⤵
- Modifies Windows Firewall
PID:1604

C:\Windows\SysWOW64\ping.exe
ping -n 1 -w 400 www.google.com
2⤵
- Runs ping.exe
PID:1172

C:\Windows\SysWOW64\ping.exe
ping -n 1 -w 400 www.yahoo.com
2⤵
- Runs ping.exe
PID:820

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Program Files (x86)\Winamp\winamp.exe" "/NEW /REG=S" "C:\Program Files (x86)\Winamp" 1
2⤵
- Loads dropped DLL
PID:1720

C:\Program Files (x86)\Winamp\winamp.exe
"C:\Program Files (x86)\Winamp\winamp.exe" /NEW /REG=S
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1088

C:\Program Files (x86)\Winamp\winamp.exe
"C:\Program Files (x86)\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u8
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Winamp\Components\ssdp.w6c

Filesize
31KB

MD5
80e53207d1f5f684b098bf70b66c34b1

SHA1
848367ff79a68319c9211abfae289a3802a809f6

SHA256
dd55372e906699c3e35f02313736f74a13d1e526d0b9620cadb70d57e530af63

SHA512
cd7e0b59a2eb0ccf164e958e758d53646dd6a229a67cb37e2d524fb36d19116117b7390a368bc47043faf407d788e839aee20f501b7c90d367515acdf65690ac

Download Submit
C:\Program Files (x86)\Winamp\Elevator.exe

Filesize
97KB

MD5
59803a5bb88b88a6d83342eeb3816ad9

SHA1
cafa43cacd584deb0d54ac31ae9030f90455c6b7

SHA256
a8e9655510906994fdef3993bebabf0a5e0b6604f02c0ccc28fd31be3aa684bf

SHA512
85038570bb2fb39e7ee8994ccb3f8f9203c0d8360fea889d238c13b3b49a7ab85488edd01d3ec7e37288ffbd0db7e84cfe0353e199289a854311d27990cb9eea

Download Submit
C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

Filesize
57KB

MD5
e52a7ef27aa85d2d763a47a0e3d0ec49

SHA1
918c0487e0798e9f16a2c8cab659b113eca57f65

SHA256
7c2d2c9db724b7ac4fa17b871c741182be0dab51f89b75a8d114d9d6d95b09fc

SHA512
7fd1bb7e2edb029b2853d64e5443213d0d8abb1aa97bf5c92ebde1ee3a42248867b998a89da657cd140fa68e98a1b961647362b049bac494f0a4032fe9024cc8

Download Submit
C:\Program Files (x86)\Winamp\Shared\jnetlib.dll

Filesize
2.4MB

MD5
0e1d9c1b1d067ca068a120258d56f10b

SHA1
3f2f1354261a9de037bd83021a6fe2be024f371c

SHA256
df0e962303ee3a276e342d2a8c022fa756db6b6c93f680171b165c22feb70521

SHA512
66be377de7eeeb09dd4197882aced2486d411082b428f91a074322bcaff61d10223e4d842367f9c42679c74e3601657e3d95b73d610d868c22b9272067e66c2b

Download Submit
C:\Program Files (x86)\Winamp\Shared\jnetlib.dll

Filesize
2.4MB

MD5
0e1d9c1b1d067ca068a120258d56f10b

SHA1
3f2f1354261a9de037bd83021a6fe2be024f371c

SHA256
df0e962303ee3a276e342d2a8c022fa756db6b6c93f680171b165c22feb70521

SHA512
66be377de7eeeb09dd4197882aced2486d411082b428f91a074322bcaff61d10223e4d842367f9c42679c74e3601657e3d95b73d610d868c22b9272067e66c2b

Download Submit
C:\Program Files (x86)\Winamp\Shared\libmp4v2.dll

Filesize
196KB

MD5
94ac898b7a10067e78d714849b5742a5

SHA1
9f6a171c27f1bf34f6d005879891ebf67e6cb283

SHA256
0dd4c133afdfe6f2e6d5e00ef7fd5494da1eb7cf7e2c5d9832803e90af9d75e8

SHA512
87cc90a0144e534a601467c02865573fd537ecc05c9154a38eaf00d2b2e5ae605a420c08b41df8c8638041e2c364aeb7d566f3074717388d51d361e95911fb77

Download Submit
C:\Program Files (x86)\Winamp\Shared\nde.dll

Filesize
85KB

MD5
7ef49a648488189e84785031e5233980

SHA1
fcdb8d02a04a664afbc901aef516d4bde9cc48f3

SHA256
1f856e87de95f73f6e7848473c62cb9868ec70a0d01686f56a9bbedceb89170f

SHA512
98c379ec0e538e7d92c93d374b4b3f7da8c282a4b4865c82b1626abccadfb5d13b458d15af6260ec8d644e9d2a8ab596f270f274bfe61e289bd5a9e37e424b02

Download Submit
C:\Program Files (x86)\Winamp\Shared\nde.dll

Filesize
85KB

MD5
7ef49a648488189e84785031e5233980

SHA1
fcdb8d02a04a664afbc901aef516d4bde9cc48f3

SHA256
1f856e87de95f73f6e7848473c62cb9868ec70a0d01686f56a9bbedceb89170f

SHA512
98c379ec0e538e7d92c93d374b4b3f7da8c282a4b4865c82b1626abccadfb5d13b458d15af6260ec8d644e9d2a8ab596f270f274bfe61e289bd5a9e37e424b02

Download Submit
C:\Program Files (x86)\Winamp\Shared\nsutil.dll

Filesize
420KB

MD5
0e87445c382776b590b6898ec3e4e0f4

SHA1
5770be505b48c73bd5fabd108c21c6728efb570e

SHA256
cd614597bd78bcfdb3d9d5dd1f7462a85d5a1f4b01ac479666d9b1516bccf137

SHA512
c9da42f43c922406f06b90763ad6302053e9a4d8eb00fb1c74f652aacc5a43eb9b1c713c8130b6c009222db4fce3ba662408749928316f1fe65dea847cff092f

Download Submit
C:\Program Files (x86)\Winamp\Shared\nxlite.dll

Filesize
78KB

MD5
0eb8f691e53a5ecf93b14d8d6c72e6ce

SHA1
2b40b27c1668791a146978e861005bc9095a66a1

SHA256
7cd7679b154f7d40f22d37b02e8aed2a694a2c23c997ba1cd1e4ead21164939e

SHA512
9efc89c2512e4bac51142ad3e34e10755ded7b055d93eb44a44abb7f4ef0822e4eab039237d7238cce007f56a447e1986de13febb0623839b7c065a4b1377367

Download Submit
C:\Program Files (x86)\Winamp\Shared\nxlite.dll

Filesize
78KB

MD5
0eb8f691e53a5ecf93b14d8d6c72e6ce

SHA1
2b40b27c1668791a146978e861005bc9095a66a1

SHA256
7cd7679b154f7d40f22d37b02e8aed2a694a2c23c997ba1cd1e4ead21164939e

SHA512
9efc89c2512e4bac51142ad3e34e10755ded7b055d93eb44a44abb7f4ef0822e4eab039237d7238cce007f56a447e1986de13febb0623839b7c065a4b1377367

Download Submit
C:\Program Files (x86)\Winamp\System\aacdec.w5s

Filesize
37KB

MD5
3f22364b04bdd95b5bb6193c993049ca

SHA1
fdf195aeb9c9b624f766cb9a11bc0d8e1f20d5d9

SHA256
772373cbb9e6da051368248bb8a73e11ae7aa232860861933b92e97d15c305ec

SHA512
04aceef8ad8fc0823183e9e187ab65f69c7a435bb6d69542cbb7e1208ec11ff8f1fff09ddd6e3f0d0a9246c8b42faba4b2f009bc4368742ef0b8b042bd6c1382

Download Submit
C:\Program Files (x86)\Winamp\System\adpcm.w5s

Filesize
30KB

MD5
63fbcc000aa4d0d75c569e4279eb29bf

SHA1
4e5909b204e7b383981104bd2b2b4a68f392374c

SHA256
d454db3897b4b7e85110875999a6c4594e875b3b86644e71661884296cdc5217

SHA512
286a6c2a1566734ac9438656053b85bbfd1c4a842ff3fc70e58e2fe2a661de96c3ecdfc09908756125a24016c255ec97e821cfb77c029bb9379fc217d21c02c7

Download Submit
C:\Program Files (x86)\Winamp\System\alac.w5s

Filesize
36KB

MD5
9cd27176dfd77f682b074bf9dac1736a

SHA1
e82e2910c2b3451637a03d21ecb61f6f1de49559

SHA256
8df472ca07447a30326107dc21f5fd5448a62a71d5c53a6fc87cecf77fcc4e44

SHA512
c142e23739cc8797634072cd0912080a22c83ca0feddf7514ab2e031008c411de118ca8e1127601031b5ab8c5eb215f5a8fb5523a92498c727ed122601519372

Download Submit
C:\Program Files (x86)\Winamp\System\albumart.w5s

Filesize
38KB

MD5
d7af4c04092842e5b4994ebed8bd05ca

SHA1
391add7a9bb2fe52da52e436b8f9c3c4546ab9d3

SHA256
c68698231754f25e069ca761d497b3c683f8166a81da076d33fc6d7489ac3769

SHA512
d02ca853abf9006c5760fc9e447633201c1d3e00b997aa75eaece259b42ff2dfa3cd4e63a87e4ecce97ccf45e2d2c0dff90d3f310d4e53de9d4d1cf32fa8b4ff

Download Submit
C:\Program Files (x86)\Winamp\System\bmp.w5s

Filesize
56KB

MD5
076b8084cb144b8e395dea3d3191a414

SHA1
72015b308c80a5955e68d256748af263c5edeecd

SHA256
91a1c75cd2a4cdc4a19f15e8061084ddbd9cf0fb2b03cad6d85b568254f58585

SHA512
7b960d176780e558e152c33a0897dd4f3aa5e3fe8fbfcc64eaf73785f53edcb96ff2143b2ca58499c98ac20f6c4484e6110b1880f2cf84cc5902a4607d505eea

Download Submit
C:\Program Files (x86)\Winamp\System\devices.w5s

Filesize
51KB

MD5
86f1ec62db6e736f27d9a2732115f81e

SHA1
79a3e2f46db95b55e2c7afa5411dbdb9ba92285a

SHA256
a3df6c40e8cf6f2765cd1bc446bb16aae858407656c7239b920d0dedd135d049

SHA512
5f00a464e77da7dc731e41ab29215251355a71552de99c88e8e4b294890f2837f9008ee14be3fb1c2eade3ff3917172a8ced997852813c4c834ffb8fa758daf1

Download Submit
C:\Program Files (x86)\Winamp\System\f263.w5s

Filesize
45KB

MD5
56f562aa73a4c3bfc542c43f27e62275

SHA1
d5f4f448d58789b7140e06d7d401073931db9612

SHA256
1b18b6a3c03eb26eb89a2c5f0e552090a7073fe6db553622005081cc12b20bdc

SHA512
13da391b91d52197fd68c8a9f86db4a0ba0a60d3da7a95f7de0366d7e9309492c0a676482075aa561cde1baebfba1d8e32f390cfdbc9a456d55983207f10739d

Download Submit
C:\Program Files (x86)\Winamp\System\filereader.w5s

Filesize
30KB

MD5
05fe16de167a516089ef3e96ad03f77d

SHA1
c64357d9bfc7398110024cb13860d23d136b3a03

SHA256
47ae2faa3fd9a92df816e43fe36dee412a1a95adc9c547f2bf4b54a3d1fb024c

SHA512
ad038ec5006bd3b8abf6a81ec851096fcc6a480fdbbff6c1f5271b8dc734c047b746521ee2ddf66ae4f914c943ab1db225b05b84481917f5f5b5f8808614f491

Download Submit
C:\Program Files (x86)\Winamp\System\gif.w5s

Filesize
35KB

MD5
7f85166b45e3835e9fe933408795b1dd

SHA1
65c400fb3528c64f2e85d651f7dcad3acda0e95a

SHA256
43f9cb8257a7f482f9039e8c4b86b15b5d5d03061e647ce75e2a95cd7386aede

SHA512
d5009021d2a208eb51754a1ca77cb591b9618a7cd577bde5551d2a3133ad3a4271cf46cb8362109652c9ae10d3f2abcbc2029d9e9c35c0caff151095778dbcd3

Download Submit
C:\Program Files (x86)\Winamp\System\h264.w5s

Filesize
45KB

MD5
66f906268252787285b860f8dc0cd68b

SHA1
adbb65e3e28438896cb97fa1aa7a48e41eba44b4

SHA256
2141213600d7d2c9a12d98a324c8381ab7be8792ba57b7b6e68770adb1f40813

SHA512
0be66230cdb767d9c0b2e91503160a3be43b036e653da68ca748d103346cd121ca29890dd9fa986cdb61ffd7815633ec85a6dd4a322c31f9783ef0ab34f64f0f

Download Submit
C:\Program Files (x86)\Winamp\System\h264.w5s

Filesize
45KB

MD5
66f906268252787285b860f8dc0cd68b

SHA1
adbb65e3e28438896cb97fa1aa7a48e41eba44b4

SHA256
2141213600d7d2c9a12d98a324c8381ab7be8792ba57b7b6e68770adb1f40813

SHA512
0be66230cdb767d9c0b2e91503160a3be43b036e653da68ca748d103346cd121ca29890dd9fa986cdb61ffd7815633ec85a6dd4a322c31f9783ef0ab34f64f0f

Download Submit
C:\Program Files (x86)\Winamp\System\jpeg.w5s

Filesize
251KB

MD5
27b80a94170e65b0c9dcfb197c17476e

SHA1
15c01f7833bd5383e6ef7bb2a5d46df67c338593

SHA256
df87f5df936c9da4ad87a50754bf42dd63dd58ebaf7cfa230ec3b6f5e111e0b7

SHA512
0ca7080b4f23ba1e120e9eb641931f50c71528e3a083f67f0252a6fb2ccc4a660dfbe8db99125fc271a81fd449d526d5e0c015b91d304f92049e714c3bbffe54

Download Submit
C:\Program Files (x86)\Winamp\System\mp3.w5s

Filesize
254KB

MD5
dc512563b8bb0545b7420500d4d11af3

SHA1
74f4eae887e33590cf24760e16e05a1ff4b73562

SHA256
59f8c48f9130bd4fc475d2f3cac9700a550fbcb1cf346955777535e9ee61a9be

SHA512
5940b675685103bec5eb7d752da6a6c65f52ed50b4c93f69e4a58a33d33736cbf40e3fac7aef443797143439165463d5a0c26c944bf278381616f73cdba28d4b

Download Submit
C:\Program Files (x86)\Winamp\System\wasabi2.w5s

Filesize
51KB

MD5
e64e27195d6c298276d518c3bdbfdc9e

SHA1
ecb372039808d0d4aad7a5594e71ccc36291f124

SHA256
2fcefbca651857ec1eddbc3e582bc5aec40277dd4c00118290ac934a4a6eb09c

SHA512
9139052d756c1553196c3d00fb534fd33fcdddde3e4e6292af9a6acc9eb2dc6fb48b47db2e3f25a59852ce68d1dbda05ffcabed777471ba9c2de8964156e8346

Download Submit
C:\Program Files (x86)\Winamp\paths.ini

Filesize
30B

MD5
8ad85a252352aa655f18d1b9300667b1

SHA1
5d2939f3b6c29739303f2caa4560d1f5376309c6

SHA256
fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c

SHA512
aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525

Download Submit
C:\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
C:\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\Dialer.dll

Filesize
3KB

MD5
adea8024c99d7802fa3c9e5d34877aad

SHA1
4e015a5be3e668aa3e9758370413f2bb8ec5ad1a

SHA256
242b6aeb759e31b64e014e3df6b5c478fb309d56b4df8cdb59b2cd03bfa77db2

SHA512
717a9f08842e96e9395fe8fff19138d7e599e3dd4f44b7b55d9be86211f20cd89a1d315df1f241afc52456da738623401ee721b17e9fd5949fe1decfc1b2819d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\install.ini

Filesize
1KB

MD5
f895788ea4e71385243f1bf7e1538747

SHA1
276aaed3c97b09909c6b9fc1d2cec4eb83e2bedb

SHA256
7fe85013aa3e406531285bf41c37a80c036eba456d0329aeb1e81a39550e468b

SHA512
a28a70d51101b3c07a38fe133b5886d9e7e27e03ffb6764e4d4f415de836e4e8de4f7a1471ba23205500f1e0765b7f0f5255d33744d057b7c8161cb06d60ecc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\install.ini

Filesize
26B

MD5
385081d5feee87a4ed1a6e5dcee85f36

SHA1
8517162855b477e5498e95ff2e82584ef06d5c6d

SHA256
bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc

SHA512
52bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\modern-wizard.bmp

Filesize
150KB

MD5
2d63e33fa1cf672338a22c88fa45e6a0

SHA1
86c510009d6c71d05eb2707fe6a10039df525192

SHA256
7ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292

SHA512
d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsis_winamp.dll

Filesize
4KB

MD5
1e1ded1cf1c69852f2074693459fb3b5

SHA1
81b165cae4d38a98760131989fdd8aed2c918679

SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsisdl.dll

Filesize
15KB

MD5
ee68463fed225c5c98d800bdbd205598

SHA1
306364af624de3028e2078c4d8c234fa497bd723

SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

Filesize
884B

MD5
34596887db65b4d559bd92adbbd58eb3

SHA1
a610a496b41bc38bdb43e04b64c1e8ee2703fb8d

SHA256
b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566

SHA512
115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
85B

MD5
661f2206ac253963428371f575ce29e2

SHA1
a3ae20abb92b0a39f5be0e48387ff36c878d8999

SHA256
5eddd08dbbbb3f45bdbd18c5cb621e1d8b4f88961a51b25fb61c972887a20bae

SHA512
49a4ab478e326a5b820399c64169cf1a28bc1c7f00cc3a3c5b34b3e5f0553527087c4bd43eb2b4244202186f47e5ea969bf962290ce338f0e28b974d2af6d767

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
ff21f35fe476c1f400123cbcea4fae69

SHA1
afd1e621f5eae0666cbb869e7c85bf59bd18696f

SHA256
df9e3e4d59b3ba0f21672752a0f3ce345d219644a999eff7f46140c560020200

SHA512
6586a1f209bf749a645fa8c0297968579ecb27f70f1e7d56c6cc7c1070f8bb0e71cf03c2a29c46c9c92e5179fe5b2d736fca5bcd730f962a35a56c473bd27ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
6ac5751cb0476ecb4cc07a869e64ae8c

SHA1
04f29345b10aedea6833bb9ff81d9c9c0374c841

SHA256
f7cb06f471bed9e4bf1b96e1a99adbf3f40c6375985daad885cde12d3635ca44

SHA512
137acd61b31a390332a2da84ef5bb16c4f4bbeafe423e5076c9008961f9e0c00ad32eff151b8424305b43a9f1094a857daa2dc83583858c9136f8f2822da1f66

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat

Filesize
466B

MD5
9df561ac28d5ff4fafddc01b150da711

SHA1
782b2ea268ee856f289e379c8a1e01cc7eab5ecc

SHA256
865ae5de28197f958eaada19f4de9876db7e09c3b0dbe019efdbd4d5c1ba6c75

SHA512
53942c31dfaf97d7d2cda5bccc35857d6c4bbffe598e74874e76659bd0095729d442740e7dd8d0f11533b69869f572479a73ea9d22d583c12f025b7246f71832

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.o1d00000228

Filesize
8B

MD5
76a66845f666c52790c3442f7e1a491a

SHA1
e392a609d9dc81fab060d8aece449fe616a40053

SHA256
101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a

SHA512
71a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
68B

MD5
d39305c16a773b222871032c4148600e

SHA1
196b2a21dabfd3d001e2c79f3fdc7c411c4ca261

SHA256
01786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29

SHA512
bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx.o1d00000228

Filesize
32B

MD5
137faa0c3baa69f733eaadb966b64ade

SHA1
a55982685efc19bb0afffa2eb1f3750241480eb8

SHA256
9cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181

SHA512
b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met1910.vmd

Filesize
126B

MD5
2cdaffaec77db6248825896e5c424893

SHA1
fc8df8ddc7811bfcf8f426dce0316c7eb6366b69

SHA256
6217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961

SHA512
387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met28E2.vmd

Filesize
116B

MD5
c386b2dab1e50ba2766d84fbff261563

SHA1
04689715512886016010a77f4cb1e6659e0df0b5

SHA256
ae6359b0c31c69599ebb789f3016908d680c7079d452c4648a3af0226b78a84b

SHA512
f67d207fad5f0a78d1c7e507257aa903704020f8339720c7e6e23e7d4699d084a57628703a0cd4f33b0460e5454a6d33b99c51f37e346a95504949ce30929723

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met38B4.vmd

Filesize
116B

MD5
c83239613245411ebd5416fe69629720

SHA1
e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337

SHA256
a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1

SHA512
f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met4886.vmd

Filesize
127B

MD5
252e14c85c8b8288fda93614891308eb

SHA1
636d352077cab476c805fac2bc4ff58d83a14b99

SHA256
cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b

SHA512
7c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met93E.vmd

Filesize
174B

MD5
9936bebab9c4e0e2aac7dceffc42dbac

SHA1
c1d2b8ceed49c904db7f174e06cc4e8ef851a87b

SHA256
ee730918e759544d7d087fe0b2e0aee12145ec36ecd4f4aced4336d85503a124

SHA512
16a5da57970c1d9b0e00bd8ac21ad53260b48db7b7b8bdb1953c625e8b6a9a132afa53fcb835163b73fe6a5dae40aa5ddffda9a11f42e8942c07b180363f2ff0

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metF97C.vmd

Filesize
103B

MD5
eebb8da8e062bd685542bffe0bb94e74

SHA1
75faddb50b83eae36988c1e3eab075fe8d5a3415

SHA256
ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18

SHA512
8a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metF98B.vmd

Filesize
125B

MD5
d39c2a872b313f71c47f6bef8a44b425

SHA1
fb0b1e55ba114f0ec0856cec44934c692690e487

SHA256
84f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae

SHA512
b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.ini

Filesize
237B

MD5
d82bebf2fe2519b17520980e5c1afeaa

SHA1
a641366b7825b943ae8fb6f8b6c61f94c56c1c23

SHA256
ab3985dd5094e8a443d56db57578f52b4b5211b7c5ca72881971cdce0c52bbd5

SHA512
77ef3c498241992e269f5c6228b8d0d8bbf46291e4b2f23a723a6cf5f35b000e8387ad2d22dc30947aad707b14ea00930fe1965374a3789b362711d7f908abbe

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.q1

Filesize
4KB

MD5
d24f1b829d1bd197e157b12d19c220e9

SHA1
555274f63e5b6ddbbd548179754fd0b2cbddf888

SHA256
58065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8

SHA512
55c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
195B

MD5
de5f79f38637150cfa7d61964e21f288

SHA1
7bbd8fabd882328620fb2700f9490bfd6f8e35c1

SHA256
a051a44d3ab71a69409d72f11fa2ce3984ce844c629c5bc68c1b2b65e3da4184

SHA512
eee91054f43a3865fb1123aa27b33794dbca257d97a568727758f4097953949beade88b71fc41bc5d5153272bf84d77d530cadce3f0ae3a142bb362cd470a02e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
277B

MD5
ab16c853dd4f15e1084d0f7f82421901

SHA1
f34cd820c514ccace1bc2f03465d545f0175bd14

SHA256
2c80155e35a1ee3ecc022839344e0bd7d761ac452c5dfe36dba275e862eac949

SHA512
b706d7b081278c50cfdd24151b9225db467bc573b6ec5a146204c94fc8a6f6659fa7d7774180f38cbcc6cb730b3e648f97bed4bf06b444a745c514a26362f808

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
300B

MD5
7ef9f16391cd6d7286b69a7034ac5982

SHA1
63760ac36913212f8fe785f1bc6c32c298aaf9c4

SHA256
1d8520b7a9c9ce04be3c64279a9956b97b6f31cc8849480b6ba9c3c98b9b0d0f

SHA512
bd2d65b4591419623dfa7838529d2c83b23bdee79183aa8b9ed9f645a32ba22b3f4f753bf57c90453d5784c159ad0b3c6128a12101c630d3034f67107ee610ad

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
312B

MD5
40174be885e0deec3b1adb831079125c

SHA1
408a31f028ca311310ef2e8451683d1007fa942c

SHA256
b120dc57bd76881d82b24ea92d25545554425c368d72bb27c224ecc4afad9095

SHA512
cdac907888670c807924d8bd361a1e37252da25ea0c09d2dc0033d852211a6eecc0c4525f55c8a1e5c11d0bce5c32e31938fd247a043a12de4de263d34e07e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
0c39f78d6c82ed04a8c5b4e2e0f0323f

SHA1
1eeb7a431aa1c2382bc0d7070ab8135bcc1e287d

SHA256
48dd054e3c4d1e7584268fa227f5a65655d1568264d4d53ca76aecb1baf892fe

SHA512
6d38740e3b3244345a8016b9b6fe9d6e92e81868f39c7bf634eb79f5f990f92fa6bab82d1a29f8821f14400d7bddba4ae54e4c13be71f871143af509ec2992f6

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
37f86a8c69b5ae631e480d2cd332b2e1

SHA1
254c38ae19ac0ae556836591b1175c3fa606f2c8

SHA256
2579f1d70bb9d776d9b7e6a174d2889f4792444ca93d143746988b0a68170fe3

SHA512
d0eb428d9b34d5b78f4e3323548a0c005b76946761286ae2d3c74ee2449674206c4d9c8a7b8f7bf701cd2a626c1916dc15e337845f44da9fafdebb05e486ace4

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
375e544cd11f8ec9a6d983c3eb633bc3

SHA1
b829523a4565d5bfb3c03a69d628ecb2d0f9f600

SHA256
ab1f36839106b256b757d1c69f390905708c1b1106779566502142055e54c139

SHA512
8620fc849eb9bb2b699b9ad1ebcd71086ac9b6d2275f63870ecd5ecd04027ca46b3d4a143eea35b7903984beb1107f7e5dd471d4ece7924d0f8eeb5cfd49b604

Download Submit
\Program Files (x86)\Winamp\Components\ssdp.w6c

Filesize
31KB

MD5
80e53207d1f5f684b098bf70b66c34b1

SHA1
848367ff79a68319c9211abfae289a3802a809f6

SHA256
dd55372e906699c3e35f02313736f74a13d1e526d0b9620cadb70d57e530af63

SHA512
cd7e0b59a2eb0ccf164e958e758d53646dd6a229a67cb37e2d524fb36d19116117b7390a368bc47043faf407d788e839aee20f501b7c90d367515acdf65690ac

Download Submit
\Program Files (x86)\Winamp\Elevator.exe

Filesize
97KB

MD5
59803a5bb88b88a6d83342eeb3816ad9

SHA1
cafa43cacd584deb0d54ac31ae9030f90455c6b7

SHA256
a8e9655510906994fdef3993bebabf0a5e0b6604f02c0ccc28fd31be3aa684bf

SHA512
85038570bb2fb39e7ee8994ccb3f8f9203c0d8360fea889d238c13b3b49a7ab85488edd01d3ec7e37288ffbd0db7e84cfe0353e199289a854311d27990cb9eea

Download Submit
\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

Filesize
57KB

MD5
e52a7ef27aa85d2d763a47a0e3d0ec49

SHA1
918c0487e0798e9f16a2c8cab659b113eca57f65

SHA256
7c2d2c9db724b7ac4fa17b871c741182be0dab51f89b75a8d114d9d6d95b09fc

SHA512
7fd1bb7e2edb029b2853d64e5443213d0d8abb1aa97bf5c92ebde1ee3a42248867b998a89da657cd140fa68e98a1b961647362b049bac494f0a4032fe9024cc8

Download Submit
\Program Files (x86)\Winamp\Shared\ElevatorPS.dll

Filesize
23KB

MD5
7606a37c850c2ce121e74f09a131b9dc

SHA1
0c30b33ec6af5f9a0c32bb09d21d9739614ca863

SHA256
f3726029b19b5eb9e4a6ff2128bcdb945bfcc81c783cbfb6a087a973d9e002bb

SHA512
ed984e39cffac82d9f919ebd5d0dc05fcd3c487244d6a54964892d1be9670e5d5531ab6c0cab74ccf8bb0a9b59e8775f0aaedacc877d24cb70e51e33def30ae7

Download Submit
\Program Files (x86)\Winamp\Shared\jnetlib.dll

Filesize
2.4MB

MD5
0e1d9c1b1d067ca068a120258d56f10b

SHA1
3f2f1354261a9de037bd83021a6fe2be024f371c

SHA256
df0e962303ee3a276e342d2a8c022fa756db6b6c93f680171b165c22feb70521

SHA512
66be377de7eeeb09dd4197882aced2486d411082b428f91a074322bcaff61d10223e4d842367f9c42679c74e3601657e3d95b73d610d868c22b9272067e66c2b

Download Submit
\Program Files (x86)\Winamp\Shared\libmp4v2.dll

Filesize
196KB

MD5
94ac898b7a10067e78d714849b5742a5

SHA1
9f6a171c27f1bf34f6d005879891ebf67e6cb283

SHA256
0dd4c133afdfe6f2e6d5e00ef7fd5494da1eb7cf7e2c5d9832803e90af9d75e8

SHA512
87cc90a0144e534a601467c02865573fd537ecc05c9154a38eaf00d2b2e5ae605a420c08b41df8c8638041e2c364aeb7d566f3074717388d51d361e95911fb77

Download Submit
\Program Files (x86)\Winamp\Shared\nde.dll

Filesize
85KB

MD5
7ef49a648488189e84785031e5233980

SHA1
fcdb8d02a04a664afbc901aef516d4bde9cc48f3

SHA256
1f856e87de95f73f6e7848473c62cb9868ec70a0d01686f56a9bbedceb89170f

SHA512
98c379ec0e538e7d92c93d374b4b3f7da8c282a4b4865c82b1626abccadfb5d13b458d15af6260ec8d644e9d2a8ab596f270f274bfe61e289bd5a9e37e424b02

Download Submit
\Program Files (x86)\Winamp\Shared\nsutil.dll

Filesize
420KB

MD5
0e87445c382776b590b6898ec3e4e0f4

SHA1
5770be505b48c73bd5fabd108c21c6728efb570e

SHA256
cd614597bd78bcfdb3d9d5dd1f7462a85d5a1f4b01ac479666d9b1516bccf137

SHA512
c9da42f43c922406f06b90763ad6302053e9a4d8eb00fb1c74f652aacc5a43eb9b1c713c8130b6c009222db4fce3ba662408749928316f1fe65dea847cff092f

Download Submit
\Program Files (x86)\Winamp\Shared\nxlite.dll

Filesize
78KB

MD5
0eb8f691e53a5ecf93b14d8d6c72e6ce

SHA1
2b40b27c1668791a146978e861005bc9095a66a1

SHA256
7cd7679b154f7d40f22d37b02e8aed2a694a2c23c997ba1cd1e4ead21164939e

SHA512
9efc89c2512e4bac51142ad3e34e10755ded7b055d93eb44a44abb7f4ef0822e4eab039237d7238cce007f56a447e1986de13febb0623839b7c065a4b1377367

Download Submit
\Program Files (x86)\Winamp\System\aacdec.w5s

Filesize
37KB

MD5
3f22364b04bdd95b5bb6193c993049ca

SHA1
fdf195aeb9c9b624f766cb9a11bc0d8e1f20d5d9

SHA256
772373cbb9e6da051368248bb8a73e11ae7aa232860861933b92e97d15c305ec

SHA512
04aceef8ad8fc0823183e9e187ab65f69c7a435bb6d69542cbb7e1208ec11ff8f1fff09ddd6e3f0d0a9246c8b42faba4b2f009bc4368742ef0b8b042bd6c1382

Download Submit
\Program Files (x86)\Winamp\System\adpcm.w5s

Filesize
30KB

MD5
63fbcc000aa4d0d75c569e4279eb29bf

SHA1
4e5909b204e7b383981104bd2b2b4a68f392374c

SHA256
d454db3897b4b7e85110875999a6c4594e875b3b86644e71661884296cdc5217

SHA512
286a6c2a1566734ac9438656053b85bbfd1c4a842ff3fc70e58e2fe2a661de96c3ecdfc09908756125a24016c255ec97e821cfb77c029bb9379fc217d21c02c7

Download Submit
\Program Files (x86)\Winamp\System\alac.w5s

Filesize
36KB

MD5
9cd27176dfd77f682b074bf9dac1736a

SHA1
e82e2910c2b3451637a03d21ecb61f6f1de49559

SHA256
8df472ca07447a30326107dc21f5fd5448a62a71d5c53a6fc87cecf77fcc4e44

SHA512
c142e23739cc8797634072cd0912080a22c83ca0feddf7514ab2e031008c411de118ca8e1127601031b5ab8c5eb215f5a8fb5523a92498c727ed122601519372

Download Submit
\Program Files (x86)\Winamp\System\albumart.w5s

Filesize
38KB

MD5
d7af4c04092842e5b4994ebed8bd05ca

SHA1
391add7a9bb2fe52da52e436b8f9c3c4546ab9d3

SHA256
c68698231754f25e069ca761d497b3c683f8166a81da076d33fc6d7489ac3769

SHA512
d02ca853abf9006c5760fc9e447633201c1d3e00b997aa75eaece259b42ff2dfa3cd4e63a87e4ecce97ccf45e2d2c0dff90d3f310d4e53de9d4d1cf32fa8b4ff

Download Submit
\Program Files (x86)\Winamp\System\bmp.w5s

Filesize
56KB

MD5
076b8084cb144b8e395dea3d3191a414

SHA1
72015b308c80a5955e68d256748af263c5edeecd

SHA256
91a1c75cd2a4cdc4a19f15e8061084ddbd9cf0fb2b03cad6d85b568254f58585

SHA512
7b960d176780e558e152c33a0897dd4f3aa5e3fe8fbfcc64eaf73785f53edcb96ff2143b2ca58499c98ac20f6c4484e6110b1880f2cf84cc5902a4607d505eea

Download Submit
\Program Files (x86)\Winamp\System\devices.w5s

Filesize
51KB

MD5
86f1ec62db6e736f27d9a2732115f81e

SHA1
79a3e2f46db95b55e2c7afa5411dbdb9ba92285a

SHA256
a3df6c40e8cf6f2765cd1bc446bb16aae858407656c7239b920d0dedd135d049

SHA512
5f00a464e77da7dc731e41ab29215251355a71552de99c88e8e4b294890f2837f9008ee14be3fb1c2eade3ff3917172a8ced997852813c4c834ffb8fa758daf1

Download Submit
\Program Files (x86)\Winamp\System\f263.w5s

Filesize
45KB

MD5
56f562aa73a4c3bfc542c43f27e62275

SHA1
d5f4f448d58789b7140e06d7d401073931db9612

SHA256
1b18b6a3c03eb26eb89a2c5f0e552090a7073fe6db553622005081cc12b20bdc

SHA512
13da391b91d52197fd68c8a9f86db4a0ba0a60d3da7a95f7de0366d7e9309492c0a676482075aa561cde1baebfba1d8e32f390cfdbc9a456d55983207f10739d

Download Submit
\Program Files (x86)\Winamp\System\filereader.w5s

Filesize
30KB

MD5
05fe16de167a516089ef3e96ad03f77d

SHA1
c64357d9bfc7398110024cb13860d23d136b3a03

SHA256
47ae2faa3fd9a92df816e43fe36dee412a1a95adc9c547f2bf4b54a3d1fb024c

SHA512
ad038ec5006bd3b8abf6a81ec851096fcc6a480fdbbff6c1f5271b8dc734c047b746521ee2ddf66ae4f914c943ab1db225b05b84481917f5f5b5f8808614f491

Download Submit
\Program Files (x86)\Winamp\System\gif.w5s

Filesize
35KB

MD5
7f85166b45e3835e9fe933408795b1dd

SHA1
65c400fb3528c64f2e85d651f7dcad3acda0e95a

SHA256
43f9cb8257a7f482f9039e8c4b86b15b5d5d03061e647ce75e2a95cd7386aede

SHA512
d5009021d2a208eb51754a1ca77cb591b9618a7cd577bde5551d2a3133ad3a4271cf46cb8362109652c9ae10d3f2abcbc2029d9e9c35c0caff151095778dbcd3

Download Submit
\Program Files (x86)\Winamp\System\h264.w5s

Filesize
45KB

MD5
66f906268252787285b860f8dc0cd68b

SHA1
adbb65e3e28438896cb97fa1aa7a48e41eba44b4

SHA256
2141213600d7d2c9a12d98a324c8381ab7be8792ba57b7b6e68770adb1f40813

SHA512
0be66230cdb767d9c0b2e91503160a3be43b036e653da68ca748d103346cd121ca29890dd9fa986cdb61ffd7815633ec85a6dd4a322c31f9783ef0ab34f64f0f

Download Submit
\Program Files (x86)\Winamp\System\jpeg.w5s

Filesize
251KB

MD5
27b80a94170e65b0c9dcfb197c17476e

SHA1
15c01f7833bd5383e6ef7bb2a5d46df67c338593

SHA256
df87f5df936c9da4ad87a50754bf42dd63dd58ebaf7cfa230ec3b6f5e111e0b7

SHA512
0ca7080b4f23ba1e120e9eb641931f50c71528e3a083f67f0252a6fb2ccc4a660dfbe8db99125fc271a81fd449d526d5e0c015b91d304f92049e714c3bbffe54

Download Submit
\Program Files (x86)\Winamp\System\mp3.w5s

Filesize
254KB

MD5
dc512563b8bb0545b7420500d4d11af3

SHA1
74f4eae887e33590cf24760e16e05a1ff4b73562

SHA256
59f8c48f9130bd4fc475d2f3cac9700a550fbcb1cf346955777535e9ee61a9be

SHA512
5940b675685103bec5eb7d752da6a6c65f52ed50b4c93f69e4a58a33d33736cbf40e3fac7aef443797143439165463d5a0c26c944bf278381616f73cdba28d4b

Download Submit
\Program Files (x86)\Winamp\System\wasabi2.w5s

Filesize
51KB

MD5
e64e27195d6c298276d518c3bdbfdc9e

SHA1
ecb372039808d0d4aad7a5594e71ccc36291f124

SHA256
2fcefbca651857ec1eddbc3e582bc5aec40277dd4c00118290ac934a4a6eb09c

SHA512
9139052d756c1553196c3d00fb534fd33fcdddde3e4e6292af9a6acc9eb2dc6fb48b47db2e3f25a59852ce68d1dbda05ffcabed777471ba9c2de8964156e8346

Download Submit
\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\Dialer.dll

Filesize
3KB

MD5
adea8024c99d7802fa3c9e5d34877aad

SHA1
4e015a5be3e668aa3e9758370413f2bb8ec5ad1a

SHA256
242b6aeb759e31b64e014e3df6b5c478fb309d56b4df8cdb59b2cd03bfa77db2

SHA512
717a9f08842e96e9395fe8fff19138d7e599e3dd4f44b7b55d9be86211f20cd89a1d315df1f241afc52456da738623401ee721b17e9fd5949fe1decfc1b2819d

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsis_winamp.dll

Filesize
4KB

MD5
1e1ded1cf1c69852f2074693459fb3b5

SHA1
81b165cae4d38a98760131989fdd8aed2c918679

SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82F7.tmp\nsisdl.dll

Filesize
15KB

MD5
ee68463fed225c5c98d800bdbd205598

SHA1
306364af624de3028e2078c4d8c234fa497bd723

SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

Download Submit
memory/1088-2532-0x0000000004E40000-0x0000000004E55000-memory.dmp

Filesize
84KB

Download
memory/1088-2797-0x0000000004FD0000-0x0000000005022000-memory.dmp

Filesize
328KB

Download
memory/1088-2430-0x0000000004AC0000-0x0000000004AD2000-memory.dmp

Filesize
72KB

Download
memory/1088-2432-0x0000000004AF0000-0x0000000004B0F000-memory.dmp

Filesize
124KB

Download
memory/1088-2436-0x0000000004B20000-0x0000000004B44000-memory.dmp

Filesize
144KB

Download
memory/1088-2441-0x0000000004B60000-0x0000000004B80000-memory.dmp

Filesize
128KB

Download
memory/1088-2443-0x0000000004B90000-0x0000000004BB0000-memory.dmp

Filesize
128KB

Download
memory/1088-2474-0x0000000004DF0000-0x0000000004E1F000-memory.dmp

Filesize
188KB

Download
memory/1088-2470-0x0000000004BB0000-0x0000000004DD1000-memory.dmp

Filesize
2.1MB

Download
memory/1088-2413-0x0000000004A10000-0x0000000004A2A000-memory.dmp

Filesize
104KB

Download
memory/1088-2411-0x00000000049F0000-0x00000000049FF000-memory.dmp

Filesize
60KB

Download
memory/1088-2230-0x0000000003A10000-0x0000000003A7A000-memory.dmp

Filesize
424KB

Download
memory/1088-2781-0x0000000004ED0000-0x0000000004EFB000-memory.dmp

Filesize
172KB

Download
memory/1088-2783-0x0000000004EC0000-0x0000000004ECD000-memory.dmp

Filesize
52KB

Download
memory/1088-2784-0x0000000004F10000-0x0000000004F8F000-memory.dmp

Filesize
508KB

Download
memory/1088-2786-0x0000000004FD0000-0x0000000004FDD000-memory.dmp

Filesize
52KB

Download
memory/1088-2787-0x0000000004FD0000-0x0000000005011000-memory.dmp

Filesize
260KB

Download
memory/1088-2788-0x0000000004FD0000-0x0000000004FFF000-memory.dmp

Filesize
188KB

Download
memory/1088-2789-0x0000000004FD0000-0x0000000004FE3000-memory.dmp

Filesize
76KB

Download
memory/1088-2790-0x0000000004FD0000-0x0000000004FE4000-memory.dmp

Filesize
80KB

Download
memory/1088-2791-0x0000000004FD0000-0x000000000505A000-memory.dmp

Filesize
552KB

Download
memory/1088-2793-0x0000000004FD0000-0x0000000004FFA000-memory.dmp

Filesize
168KB

Download
memory/1088-2795-0x0000000004FD0000-0x000000000501E000-memory.dmp

Filesize
312KB

Download
memory/1088-2426-0x0000000004A60000-0x0000000004AA8000-memory.dmp

Filesize
288KB

Download
memory/1088-2799-0x0000000004FD0000-0x0000000004FDC000-memory.dmp

Filesize
48KB

Download
memory/1088-2800-0x0000000004FD0000-0x0000000004FDD000-memory.dmp

Filesize
52KB

Download
memory/1088-2801-0x0000000004FD0000-0x0000000004FF8000-memory.dmp

Filesize
160KB

Download
memory/1088-2202-0x0000000002D60000-0x0000000002D77000-memory.dmp

Filesize
92KB

Download
memory/1088-2346-0x0000000004560000-0x000000000456E000-memory.dmp

Filesize
56KB

Download
memory/1088-2407-0x00000000049A0000-0x00000000049C2000-memory.dmp

Filesize
136KB

Download
memory/1088-2405-0x0000000004960000-0x0000000004986000-memory.dmp

Filesize
152KB

Download
memory/1088-2328-0x0000000003F40000-0x0000000003F72000-memory.dmp

Filesize
200KB

Download
memory/1088-2371-0x00000000048F0000-0x0000000004915000-memory.dmp

Filesize
148KB

Download
memory/1088-2370-0x0000000004830000-0x000000000485C000-memory.dmp

Filesize
176KB

Download
memory/1088-2368-0x00000000047F0000-0x000000000481F000-memory.dmp

Filesize
188KB

Download
memory/1088-2367-0x00000000047D0000-0x00000000047DF000-memory.dmp

Filesize
60KB

Download
memory/1088-2366-0x00000000047A0000-0x00000000047B2000-memory.dmp

Filesize
72KB

Download
memory/1088-2363-0x0000000004740000-0x000000000476A000-memory.dmp

Filesize
168KB

Download
memory/1088-2360-0x0000000004700000-0x0000000004721000-memory.dmp

Filesize
132KB

Download
memory/1088-2358-0x0000000004670000-0x00000000046C6000-memory.dmp

Filesize
344KB

Download
memory/1088-2336-0x0000000004500000-0x000000000450B000-memory.dmp

Filesize
44KB

Download
memory/1088-2355-0x0000000004630000-0x000000000466F000-memory.dmp

Filesize
252KB

Download
memory/1088-2339-0x0000000004520000-0x000000000452F000-memory.dmp

Filesize
60KB

Download
memory/1088-2343-0x0000000004540000-0x000000000454D000-memory.dmp

Filesize
52KB

Download
memory/1720-2191-0x00000000001A0000-0x00000000001A2000-memory.dmp

Filesize
8KB

Download