fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e

Analysis

max time kernel
2628s
max time network
2665s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-03-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winamp_latest_full.exe
Size

12.4MB
MD5

39b72e2cbf2fb8da961538de3e892eba
SHA1

237ce8611cb8e2ede8a5d6b982597f7e93b2cd81
SHA256

fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e
SHA512

36e8b9d759d960390e8f1b4ac420d591204cb95a776be668db365c453cb702cadee9b34c03779044fdc04c2d2929ac542e01bba50094f8352e2724a082611b59
SSDEEP

393216:udNH1gz1+ZUUG9NWpHYV6ohIBfqHts7UU2wP3:udZk1vUG964V6ysUs7U/u3

Score

8^/10

discovery evasion

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 5 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exenetsh.exenetsh.exenetsh.exe

pid process

1844 netsh.exe
2672 netsh.exe
2452 netsh.exe
2832 netsh.exe
2544 netsh.exe
Executes dropped EXE 3 IoCs

Processes:

elevator.exewinamp.exewinamp.exe

pid process

704 elevator.exe
2544 winamp.exe
1988 winamp.exe

pid	process
1844	netsh.exe
2672	netsh.exe
2452	netsh.exe
2832	netsh.exe
2544	netsh.exe

pid	process
704	elevator.exe
2544	winamp.exe
1988	winamp.exe

Loads dropped DLL 64 IoCs

Processes:

winamp_latest_full.exerundll32.exewinamp.exe

pid	process
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2236	winamp_latest_full.exe
2652	rundll32.exe
2652	rundll32.exe
2652	rundll32.exe
2652	rundll32.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe
2544	winamp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

winamp.exe

description ioc process

File opened (read-only) \??\D: winamp.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened (read-only)	\??\D:	winamp.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{428F8681-EAC4-11EE-8D50-4A4F109F65B0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{428F8683-EAC4-11EE-8D50-4A4F109F65B0}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe

Modifies registry class 64 IoCs

Processes:

winamp.exewinamp_latest_full.exechrome.exeelevator.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe,1"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MAT\ = "Matlab Audio Format"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDL\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\Winamp.Play\ = "&Play in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UVOX\shell\open\command\ = "C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe %1"	winamp_latest_full.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cda\ = "Winamp.File.CDA"	winamp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NSV\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MAT\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.669	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.ITZ\shell\Play	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mkv	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STX	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.IMF\shell\Enqueue\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MKV\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.IFF\shell\Enqueue\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MTM\shell\Enqueue\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WEBM\shell\ListBookmark\ = "Add to Winamp's &Bookmark list"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M15\shell\ListBookmark\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VOC\shell\Play\ = "&Play in Winamp"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.KAR\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DSM\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe,1"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XPK\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP4\shell\open\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.CAF\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SDS\shell\open\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SF\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ams	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}\ = "C:\\Users\\Admin\\Desktop\\Winamp\\elevator.exe"	elevator.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\DefaultIcon	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.IMF\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MTM\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe,1"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NST\shell\Play\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.asx\ = "Winamp.PlayList"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\shell\Play\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AMS\shell\Play\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DMF\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DSM	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\shell\open	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.au	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PSM\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VLB\ = "Dolby Very Low Bitrate AAC File"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DSM\shell\Play\ = "&Play in Winamp"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.CDA	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NSA\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.J2B\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PAF\shell\Play\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DBM\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FAR\shell\Enqueue\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\shell\Play\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MKV\shell\open	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DBM\shell\ListBookmark	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NST\shell\open\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PLM\shell\Play\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\shell\Enqueue\command\ = "\"C:\\Users\\Admin\\Desktop\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FLAC\shell\open\	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STM\shell\ListBookmark	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pcast\shell\open	winamp_latest_full.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AVI\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MKV\shell\Play\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\shell\open\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP3\shell\Play\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MOD\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

ping.exe

pid process

928 ping.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

1804 chrome.exe
1804 chrome.exe
1804 chrome.exe
1804 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

winamp_latest_full.exechrome.exe

pid process

2236 winamp_latest_full.exe
2532 chrome.exe

pid	process
928	ping.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

Processes:

chrome.exewinamp.exeiexplore.exe7zG.exe

pid	process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1988	winamp.exe
1988	winamp.exe
1988	winamp.exe
2596	iexplore.exe
1988	winamp.exe
1988	winamp.exe
2176	7zG.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

Processes:

chrome.exewinamp.exe

pid	process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1988	winamp.exe
1988	winamp.exe
1988	winamp.exe
1988	winamp.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

winamp.exeiexplore.exeIEXPLORE.EXEchrome.exe

pid	process
1988	winamp.exe
2596	iexplore.exe
2596	iexplore.exe
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

winamp_latest_full.exechrome.exe

description	pid	process	target process
PID 2236 wrote to memory of 704	2236	winamp_latest_full.exe	elevator.exe
PID 2236 wrote to memory of 704	2236	winamp_latest_full.exe	elevator.exe
PID 2236 wrote to memory of 704	2236	winamp_latest_full.exe	elevator.exe
PID 2236 wrote to memory of 704	2236	winamp_latest_full.exe	elevator.exe
PID 2236 wrote to memory of 1844	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 1844	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 1844	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 1844	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2672	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2672	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2672	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2672	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2452	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2452	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2452	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2452	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2832	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2832	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2832	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2832	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2544	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2544	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2544	2236	winamp_latest_full.exe	netsh.exe
PID 2236 wrote to memory of 2544	2236	winamp_latest_full.exe	netsh.exe
PID 1804 wrote to memory of 1872	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 1872	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 1872	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe
PID 1804 wrote to memory of 2080	1804	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe
"C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2236

C:\Users\Admin\Desktop\Winamp\elevator.exe
"C:\Users\Admin\Desktop\Winamp\elevator.exe" /RegServer
2⤵
- Executes dropped EXE
- Modifies registry class
PID:704

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Users\Admin\Desktop\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
2⤵
- Modifies Windows Firewall
PID:1844

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Users\Admin\Desktop\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
2⤵
- Modifies Windows Firewall
PID:2672

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram program="C:\Users\Admin\Desktop\Winamp\winamp.exe" name="Winamp" mode=ENABLE scope=ALL profile=ALL
2⤵
- Modifies Windows Firewall
PID:2452

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Users\Admin\Desktop\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
2⤵
- Modifies Windows Firewall
PID:2832

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Users\Admin\Desktop\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
2⤵
- Modifies Windows Firewall
PID:2544

C:\Windows\SysWOW64\ping.exe
ping -n 1 -w 400 www.google.com
2⤵
- Runs ping.exe
PID:928

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nsy511E.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Users\Admin\Desktop\Winamp\winamp.exe" "/NEW /REG=S" "C:\Users\Admin\Desktop\Winamp" 1
2⤵
- Loads dropped DLL
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7519758,0x7fef7519768,0x7fef7519778
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:2
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:8
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:2
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1376 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:8
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1112 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2328 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2332 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2432 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2444 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:1
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:8
2⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=1364,i,1374028960464111315,9745467406781945792,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1656

C:\Users\Admin\Desktop\Winamp\winamp.exe
"C:\Users\Admin\Desktop\Winamp\winamp.exe" /NEW /REG=S
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2544

C:\Users\Admin\Desktop\Winamp\winamp.exe
"C:\Users\Admin\Desktop\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u8
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://player.winamp.com/fanzone/music?mtm_campaign=legendary_player
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1b0
1⤵
PID:1648

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap29331:62:7zEvent5491 -tzip -sae -- "C:\Users\Admin\Desktop\Winamp.zip"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\689ffa6e-9f85-444b-8acc-00cc1c2e672f.tmp

Filesize
4KB

MD5
f30e8cc5fc0f6728b84fe175d33ad8f0

SHA1
00c4f7e32fcbf8557474cc120f721f3d7c1db4a0

SHA256
02bb08fc8344ec8efbd7e78f746e3d9399a9fe2a465454861de1d771392950b2

SHA512
ad9b5681e2e35a173f91ba3c97ef6fa323750cab3eac1adce6d4eb30ff86fa31209225d3f3c0b22e6f97629803625a73d91695cda24c166cf052d6b5db769b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90d98aeb-34a6-4f97-9ae1-1f0e3572469b.tmp

Filesize
5KB

MD5
9b1e7122e3dad6a1f6b377dccaaefe36

SHA1
03d2deb350cdd7ee1a90e74404ad818a72a90f11

SHA256
20cc5bc4caa07fb92fd2d4087fd61bd6fcffb3798c418d6425af7adf978bf8ed

SHA512
c2d5ce6fc05692c270f47b3854006d18c54c6ec06ef5d2b0550c2b6b768ca7db6f9a34f8871d3f58176aabb4ccebaa00c7fd6be4159b7da02755212120cb8988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
a24386b7d8cccc1a26165cfa31daa9b3

SHA1
6c8ed71a896ad1666f68cc0689e95275ccb92bef

SHA256
0bbedf6a9f1bd041136de337c673af24a6d9720ade9ec06c142211949ee8a53d

SHA512
9e1c3c589f31dac779a839041e0a7b028e95e3240a438149e1db8869701160c13e661995f4e1273623a7bf334916027250515342afd7e036f6eedea43afe3092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f03a31fb413d5727a8f7d49a14a3a11d

SHA1
9eaf53e85dfb1f9c34175f5f032b5d6de87f9665

SHA256
a6b52d10eed38a4b21343b1960f6bbf6e983c84138e91a7a5fb109c21358b0b7

SHA512
bf017eb53c83e07adb1d543aa4f61bdcb3b8ebb9fd0f418d28e96a0c83942ae49b8692feaf93b129f561c3e0498fba079ac1c1ab3d492a5b0d86feeac4e2823a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4e53062b78c72e4bccb5f46f1eb1012c

SHA1
60a01d10acaf9833d319015145004eb0e38b097b

SHA256
63b726f333f0bee2fe2d885c409ebf66f845ddcc30db0986e01d460ff7a18c75

SHA512
a3ffa1cfd857d2482b6f81c15f775c9fa4be4fb68e6dbe65e091176a496d91fc9b011b5bdfb41b330b53ff3674b0791fa059b81188f1494d162f9f5926a3a2b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0b9125f-8c7c-41d0-aeef-f9211fe57ff6.tmp

Filesize
5KB

MD5
c337c2cf0c5c1c14e989f2ddda161a50

SHA1
7c8de8c8e99e036f26e09d709e3f3c225330c16a

SHA256
93736bac5095a973b2f027e8f462259e8bc9ce732625312290839ade14ad4f35

SHA512
f26065062ad699eb29a019523d17d3f4b003d807763a6f42577d29ad64194442920b82cc3acb198929b5beab3649d1a8d0ca713e5baa2491dad60c3ec7d17d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
6a0f1e52050cb247333df022cbe712a9

SHA1
90f8bf8b70691bfc60b2a0e84410da95916a87c3

SHA256
33b045ad34ccbfa85a01786d9cd5f711034dc3eeb2c2758b95b639647c2f5477

SHA512
f8ee207e52067f7520a142f7ec685f7b4604e85b9b96c93ceb23463a7c8e76ef62835259ede108f989996d4be0c5309124ada1c5301dc90a24ec2d3655ccbd25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy511E.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy511E.tmp\install.ini

Filesize
53B

MD5
d10b62b8495caa121fecd5dc8cf4ed44

SHA1
774f5ca46f9adf1180f44c5e566ccc3add223588

SHA256
d574783c8be1fef7c86650f90d91fb0ebf68e34c4925aad29c9a355009f0a60c

SHA512
ae3ec74a08ad891fd7536befd124ef0c25970ef6d0acfc4621ed126bf14aa96e8220c7d84c74055176d48533595570aea4e3127fbd6e8c0e7b31e3c16f778b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy511E.tmp\install.ini

Filesize
1KB

MD5
e0e14ba7ab242590e3fd2d63c941ee7e

SHA1
4c65c38a2ff44af7a782073f9670b8e8b01093dc

SHA256
dbd0caee28c65c39e9605f48c9557ecd068902df7cd31d72fc049c7c20e66ea0

SHA512
40b0d116de03e7404c9f0bbb6bdb819acbd6a74b51a1b97415739fecb6a2144dcd52dd362bf3dc4bcb5699800bea96f8bbd8d7af6355e77838ef7a3058c39608

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy511E.tmp\install.ini

Filesize
26B

MD5
385081d5feee87a4ed1a6e5dcee85f36

SHA1
8517162855b477e5498e95ff2e82584ef06d5c6d

SHA256
bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc

SHA512
52bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy511E.tmp\modern-wizard.bmp

Filesize
150KB

MD5
2d63e33fa1cf672338a22c88fa45e6a0

SHA1
86c510009d6c71d05eb2707fe6a10039df525192

SHA256
7ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292

SHA512
d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

Filesize
884B

MD5
34596887db65b4d559bd92adbbd58eb3

SHA1
a610a496b41bc38bdb43e04b64c1e8ee2703fb8d

SHA256
b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566

SHA512
115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
39ed565873fea970575092c050d67341

SHA1
08ca22b202d268ebfbb23e13c95c1339605c6cba

SHA256
149811902b0844333d20dcaff1928cb1754c4f9fcc515326b2d94aeba7eecdd2

SHA512
6061164d5d5c363366213ee2e954d742a8569b09bb6fd51046c463f658f45b3088b7177f46cb001e38b745cd0f8865028f59720a5d54063eb28e9ca6d76be333

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
0976860229db627d846d8e0d8f5e3f9e

SHA1
5ca23708df31957a34a4ae74c684c762ee71f6e0

SHA256
dbd09440028a426b6674948071d09fc13d17c41d4ec7c432fb9c5b4b10cb3ceb

SHA512
71539a90478aa77411fb4a93a905784ae6f65a5ccda6304503c96f6795bdd6c649b117842e384eaaf616ba29eeb5e0097f1062f39eaee0ff0132323152ce878c

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
093bd723a495a033d4fa7af5bafee1ed

SHA1
e873ae6486b9d94d3fddb474ddf0409241defe4f

SHA256
6e3010baf4477e135f8ee2f5435ee381ca5fcafc384ba40e2ddceb2e8381af64

SHA512
ba5e649842eec0ddf0486db99f478adaa1d8ef76b2ca1596388dd58d25785c514cf69026b7f7cd794ff2ef3b067f1d50fb7af63701296186d0b838d60d5fdc77

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini

Filesize
55B

MD5
bbcf35393be345b9cdeab142e9060a71

SHA1
05daaa9680f1d988ca2d51ce5f0cb02919eb8306

SHA256
c20012fd3f83b08f5bcedf2530e803edf15fbdc1e3ec2d3c537fb4774ef21e8c

SHA512
e97b20dee3a0b2ade77c2205fc6199ece2ccf9bd754352a7d3fb11e9a585fb98e6e5c98a78ec158a3fdd7edc49696bab185523d3a3e9f9665394cb6051e80259

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.o1d000007C4

Filesize
8B

MD5
76a66845f666c52790c3442f7e1a491a

SHA1
e392a609d9dc81fab060d8aece449fe616a40053

SHA256
101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a

SHA512
71a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
68B

MD5
d39305c16a773b222871032c4148600e

SHA1
196b2a21dabfd3d001e2c79f3fdc7c411c4ca261

SHA256
01786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29

SHA512
bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
52B

MD5
5dc97ea81161b0668f0e990df136a2ef

SHA1
eeaa4074b0aa62296a702a827ca9eb97d1e2826b

SHA256
612dee1659afbf7d277a6e3283bcc75107610cc9c2b934288ea04b0bccd92405

SHA512
659ec5e24c1950a1aaa8708f15ed0102e0afa87174b95e92201749ecf114b91b853c9c819c6501fcc319caa4c430eabeefe69e72950881dc94456bdaa629c5d1

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx.o1d000007C4

Filesize
32B

MD5
137faa0c3baa69f733eaadb966b64ade

SHA1
a55982685efc19bb0afffa2eb1f3750241480eb8

SHA256
9cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181

SHA512
b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met664.vmd

Filesize
116B

MD5
c386b2dab1e50ba2766d84fbff261563

SHA1
04689715512886016010a77f4cb1e6659e0df0b5

SHA256
ae6359b0c31c69599ebb789f3016908d680c7079d452c4648a3af0226b78a84b

SHA512
f67d207fad5f0a78d1c7e507257aa903704020f8339720c7e6e23e7d4699d084a57628703a0cd4f33b0460e5454a6d33b99c51f37e346a95504949ce30929723

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met674.vmd

Filesize
125B

MD5
d39c2a872b313f71c47f6bef8a44b425

SHA1
fb0b1e55ba114f0ec0856cec44934c692690e487

SHA256
84f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae

SHA512
b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metD6FE.vmd

Filesize
116B

MD5
c83239613245411ebd5416fe69629720

SHA1
e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337

SHA256
a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1

SHA512
f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metE6C0.vmd

Filesize
174B

MD5
9936bebab9c4e0e2aac7dceffc42dbac

SHA1
c1d2b8ceed49c904db7f174e06cc4e8ef851a87b

SHA256
ee730918e759544d7d087fe0b2e0aee12145ec36ecd4f4aced4336d85503a124

SHA512
16a5da57970c1d9b0e00bd8ac21ad53260b48db7b7b8bdb1953c625e8b6a9a132afa53fcb835163b73fe6a5dae40aa5ddffda9a11f42e8942c07b180363f2ff0

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metE6D0.vmd

Filesize
127B

MD5
252e14c85c8b8288fda93614891308eb

SHA1
636d352077cab476c805fac2bc4ff58d83a14b99

SHA256
cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b

SHA512
7c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metF692.vmd

Filesize
126B

MD5
2cdaffaec77db6248825896e5c424893

SHA1
fc8df8ddc7811bfcf8f426dce0316c7eb6366b69

SHA256
6217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961

SHA512
387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metF6A2.vmd

Filesize
103B

MD5
eebb8da8e062bd685542bffe0bb94e74

SHA1
75faddb50b83eae36988c1e3eab075fe8d5a3415

SHA256
ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18

SHA512
8a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.ini

Filesize
237B

MD5
d82bebf2fe2519b17520980e5c1afeaa

SHA1
a641366b7825b943ae8fb6f8b6c61f94c56c1c23

SHA256
ab3985dd5094e8a443d56db57578f52b4b5211b7c5ca72881971cdce0c52bbd5

SHA512
77ef3c498241992e269f5c6228b8d0d8bbf46291e4b2f23a723a6cf5f35b000e8387ad2d22dc30947aad707b14ea00930fe1965374a3789b362711d7f908abbe

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.q1

Filesize
4KB

MD5
d24f1b829d1bd197e157b12d19c220e9

SHA1
555274f63e5b6ddbbd548179754fd0b2cbddf888

SHA256
58065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8

SHA512
55c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
195B

MD5
de5f79f38637150cfa7d61964e21f288

SHA1
7bbd8fabd882328620fb2700f9490bfd6f8e35c1

SHA256
a051a44d3ab71a69409d72f11fa2ce3984ce844c629c5bc68c1b2b65e3da4184

SHA512
eee91054f43a3865fb1123aa27b33794dbca257d97a568727758f4097953949beade88b71fc41bc5d5153272bf84d77d530cadce3f0ae3a142bb362cd470a02e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
277B

MD5
41476d6d78de11bed8a863e8ab15a558

SHA1
2582d2d6d0888a3edf185215831a81f1be15aade

SHA256
11eabb7e859334a8ba04c65d8805d19dc2723b15241bc3afcc056a87d0f786d0

SHA512
76c9b96fb33242284451fc5c4131b3262413dabeb471d052f61b9a19936b1d3c450f66584e8ab1dc3392d32b5cdcd280ea4152cb53bba9c1bf48e02121381459

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
292B

MD5
6b9995704351986c76a5f0145b6c7f8a

SHA1
24bb2ddfc2120712af4e8b768c662793a17479bc

SHA256
25436e0faa5cca5ed1ff461be8c060b1070eecaa14c52186bb82932779376ea1

SHA512
c315ae20c059569c7f72183937cc98241d2f4df4a1a0810a5c744868b88b927b05dfba3cf767215136f60e637e113f8fc5492f1d7a64f66fc688355e4219e4bd

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
300B

MD5
943ad4a52d6b3aa9dbf4202a3b0eb275

SHA1
99d64c90afe965045c9657478039e98a7f47fcd7

SHA256
f9add5f360da571ed4aeb1c8e8aab60e04be939ef40dfa85b72b6fb24fc79dab

SHA512
c7e159df8fca7c80aa843e7d8284660a1e8defa5bad4f34bf3e2b4bedaa7c93018885fde2651b6057e2f277e7c4a0b48e1599cc57a6ca743c8fa560b0e0480c2

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
e4e391ec7c38333f815d2f97f96e2128

SHA1
cc0f8ebc11f7cdf1950129591ddaf6dd81c75bf8

SHA256
ebbac3f9fd3c2797c878bcd2c8c49d1c0997e1a226cd17a0ae0a5376b0fe1dc2

SHA512
bbdff6e4af10dec07c7aa8623c097c54358815778ed73ded2367eb0189e0653c5f8734511ae6a5546ec7692608d74abbfca5d2bdc588e4846d89fda478193213

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
b81b46d89c6c48e140348d78d89aa146

SHA1
5d528d61f917f4cc6c8c8a4f47319e1324b95f50

SHA256
20934a38181694d6fd6db63dd311ab460af3affa5367f260a755bcbb2b485996

SHA512
472bf8a91f1a68737dca314c8bebdc4554b66d6c7ac51b3f09b140f5001b27df9ef4ddb9cd53c8855e280d9e0827eef7f46d09b7f7be08fcb27388a92a02ef20

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
6ad98347231df344a718c81a9fde99c2

SHA1
4af974a361ede57e495400b3e28643c33c9d45e2

SHA256
6de5c41114d869bb79e048219418fd707e158187abdb5bdbf4cab4def9098816

SHA512
5b4424b60eec6d3d312eb2611e00d405be380790ea8edd1db55ba1822fdd66c9b42f65d05441b00b1d863f82ba4258cefecc5f0ae035934185044da302bf4b84

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
3KB

MD5
a8b6709d30c718c7d2d7e1a3121f9384

SHA1
381e9ac0a22ee37a7ec72591cb8729213d87a2e1

SHA256
e2be6f84468d1b12b3a6a93835b662dcd523966c9fc5272e619ca747db12ac15

SHA512
50499449812a00970c4ddb98f8b892943ea0328e091c5b9826cda421156d1efea071ac78605deca3463f433c1af7433e1b56afe1b1eb8c89da77401f9d3c3803

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
3KB

MD5
7a8ddd3dbe5784e3760b371edf58c56c

SHA1
0a99215cf697e9a91906032e78ef2f28521a7c05

SHA256
15ec67af68aabc4498878a7249c247bb7120dd00ad88c30a19c56993202cc9e1

SHA512
4704db7598e79b217c589526a4637eea66a2f6ad0a9aef082f9983b494d64f46d27983d52caad1dd6f5f2c323e5431f9a46207baf8c80fe29ba39e4d60c2537c

Download Submit
C:\Users\Admin\Desktop\Winamp\Shared\jnetlib.dll

Filesize
2.4MB

MD5
0e1d9c1b1d067ca068a120258d56f10b

SHA1
3f2f1354261a9de037bd83021a6fe2be024f371c

SHA256
df0e962303ee3a276e342d2a8c022fa756db6b6c93f680171b165c22feb70521

SHA512
66be377de7eeeb09dd4197882aced2486d411082b428f91a074322bcaff61d10223e4d842367f9c42679c74e3601657e3d95b73d610d868c22b9272067e66c2b

Download Submit
C:\Users\Admin\Desktop\Winamp\Shared\jnetlib.dll

Filesize
425KB

MD5
7cd79757a2432507073a7e72468d1ffe

SHA1
41eea479361db1ed972126f6764dc73378408060

SHA256
c22fad0e9298172c9ca329e0a7a5f3967c8ebca6b2259902c3d8781ef74ed299

SHA512
6910e86b827e956c021feb6098ebe5625579d5863989d2a55229fbb0484623fbcb1bed05dc554942c4864b205e190661af1ceaedcf2250c0b3cce4350c9c5664

Download Submit
C:\Users\Admin\Desktop\Winamp\Shared\nde.dll

Filesize
85KB

MD5
7ef49a648488189e84785031e5233980

SHA1
fcdb8d02a04a664afbc901aef516d4bde9cc48f3

SHA256
1f856e87de95f73f6e7848473c62cb9868ec70a0d01686f56a9bbedceb89170f

SHA512
98c379ec0e538e7d92c93d374b4b3f7da8c282a4b4865c82b1626abccadfb5d13b458d15af6260ec8d644e9d2a8ab596f270f274bfe61e289bd5a9e37e424b02

Download Submit
C:\Users\Admin\Desktop\Winamp\Shared\nxlite.dll

Filesize
78KB

MD5
0eb8f691e53a5ecf93b14d8d6c72e6ce

SHA1
2b40b27c1668791a146978e861005bc9095a66a1

SHA256
7cd7679b154f7d40f22d37b02e8aed2a694a2c23c997ba1cd1e4ead21164939e

SHA512
9efc89c2512e4bac51142ad3e34e10755ded7b055d93eb44a44abb7f4ef0822e4eab039237d7238cce007f56a447e1986de13febb0623839b7c065a4b1377367

Download Submit
C:\Users\Admin\Desktop\Winamp\System\h264.w5s

Filesize
45KB

MD5
66f906268252787285b860f8dc0cd68b

SHA1
adbb65e3e28438896cb97fa1aa7a48e41eba44b4

SHA256
2141213600d7d2c9a12d98a324c8381ab7be8792ba57b7b6e68770adb1f40813

SHA512
0be66230cdb767d9c0b2e91503160a3be43b036e653da68ca748d103346cd121ca29890dd9fa986cdb61ffd7815633ec85a6dd4a322c31f9783ef0ab34f64f0f

Download Submit
C:\Users\Admin\Desktop\Winamp\System\jpeg.w5s

Filesize
233KB

MD5
02f7d9f885db7ddc89a20931386f29f3

SHA1
1638a7280e0c1938e2c15ce542a94b0bb4387b0a

SHA256
66b105f43748498bcd0492a2a14b4ab4b889a9818510080927793541abe1da91

SHA512
b0f79927fcd9d944b46f33c71c168dfd8cc88cee1af6f42030784bd4b93b2f3d699a60da49cbd807dd2e5ec2ee18e8db4318fdc0af4a522c7550036e15ff9620

Download Submit
C:\Users\Admin\Desktop\Winamp\System\vp6.w5s

Filesize
170KB

MD5
b1c9cf23f13bcbd52de0690322d43872

SHA1
c4ea62cc877499327520001df8526d5dc35cb35d

SHA256
aaba95e7649ca5ec5a4f3d2235e3da8c16c9aed7bc41bf93ac31552a959cecb7

SHA512
4f6a22da8bcaa5bba359552d0c99a7b0c600feff1375a7f683f0238440fca4be88d026510a453d75e22d9b31caca20bc90cc7774ddc932eddc2e03e035594e05

Download Submit
C:\Users\Admin\Desktop\Winamp\System\wac_downloadManager.w5s

Filesize
41KB

MD5
a2414e10e84c083a41ace5451a7b73f0

SHA1
45f80fd9473c7e62d8ba7a8f406f53fb581d3f54

SHA256
9b61e67b4ec0a23b47cd6dcbac977b14a0ceddf707356aa6600e8da7d05f1c1e

SHA512
cb63eb0127df511c6a5344b43fb5fd58701eb59463fff1d0cf0ed3d0174a7469707386d2998f166245501d6c3ad38db808c7eba2febc5cb798da07269982845f

Download Submit
C:\Users\Admin\Desktop\Winamp\paths.ini

Filesize
30B

MD5
8ad85a252352aa655f18d1b9300667b1

SHA1
5d2939f3b6c29739303f2caa4560d1f5376309c6

SHA256
fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c

SHA512
aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525

Download Submit
\??\pipe\crashpad_1804_EWDGCUBZUVZEJNVF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\Dialer.dll

Filesize
3KB

MD5
adea8024c99d7802fa3c9e5d34877aad

SHA1
4e015a5be3e668aa3e9758370413f2bb8ec5ad1a

SHA256
242b6aeb759e31b64e014e3df6b5c478fb309d56b4df8cdb59b2cd03bfa77db2

SHA512
717a9f08842e96e9395fe8fff19138d7e599e3dd4f44b7b55d9be86211f20cd89a1d315df1f241afc52456da738623401ee721b17e9fd5949fe1decfc1b2819d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\nsis_winamp.dll

Filesize
4KB

MD5
1e1ded1cf1c69852f2074693459fb3b5

SHA1
81b165cae4d38a98760131989fdd8aed2c918679

SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

Download Submit
\Users\Admin\AppData\Local\Temp\nsy511E.tmp\nsisdl.dll

Filesize
15KB

MD5
ee68463fed225c5c98d800bdbd205598

SHA1
306364af624de3028e2078c4d8c234fa497bd723

SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

Download Submit
\Users\Admin\Desktop\Winamp\Components\ssdp.w6c

Filesize
31KB

MD5
80e53207d1f5f684b098bf70b66c34b1

SHA1
848367ff79a68319c9211abfae289a3802a809f6

SHA256
dd55372e906699c3e35f02313736f74a13d1e526d0b9620cadb70d57e530af63

SHA512
cd7e0b59a2eb0ccf164e958e758d53646dd6a229a67cb37e2d524fb36d19116117b7390a368bc47043faf407d788e839aee20f501b7c90d367515acdf65690ac

Download Submit
\Users\Admin\Desktop\Winamp\Elevator.exe

Filesize
97KB

MD5
59803a5bb88b88a6d83342eeb3816ad9

SHA1
cafa43cacd584deb0d54ac31ae9030f90455c6b7

SHA256
a8e9655510906994fdef3993bebabf0a5e0b6604f02c0ccc28fd31be3aa684bf

SHA512
85038570bb2fb39e7ee8994ccb3f8f9203c0d8360fea889d238c13b3b49a7ab85488edd01d3ec7e37288ffbd0db7e84cfe0353e199289a854311d27990cb9eea

Download Submit
\Users\Admin\Desktop\Winamp\Plugins\gen_crasher.dll

Filesize
57KB

MD5
e52a7ef27aa85d2d763a47a0e3d0ec49

SHA1
918c0487e0798e9f16a2c8cab659b113eca57f65

SHA256
7c2d2c9db724b7ac4fa17b871c741182be0dab51f89b75a8d114d9d6d95b09fc

SHA512
7fd1bb7e2edb029b2853d64e5443213d0d8abb1aa97bf5c92ebde1ee3a42248867b998a89da657cd140fa68e98a1b961647362b049bac494f0a4032fe9024cc8

Download Submit
\Users\Admin\Desktop\Winamp\Shared\ElevatorPS.dll

Filesize
23KB

MD5
7606a37c850c2ce121e74f09a131b9dc

SHA1
0c30b33ec6af5f9a0c32bb09d21d9739614ca863

SHA256
f3726029b19b5eb9e4a6ff2128bcdb945bfcc81c783cbfb6a087a973d9e002bb

SHA512
ed984e39cffac82d9f919ebd5d0dc05fcd3c487244d6a54964892d1be9670e5d5531ab6c0cab74ccf8bb0a9b59e8775f0aaedacc877d24cb70e51e33def30ae7

Download Submit
\Users\Admin\Desktop\Winamp\Shared\jnetlib.dll

Filesize
229KB

MD5
569a317b9e463509ff4be4b9707d8c23

SHA1
f0fb54cbdec4917c49f760fa4dbe2d544e610c60

SHA256
cd4663451c4b4d2d337a375ed39ea934dd3f5295167c16bb40514fa473fc2939

SHA512
87cb0bb9eba6743bde046a9db26efbfd2d78fb92f6342afeb3b9dcd2bb77cf56845ba7dc12ed1d0e9c0021b42e550f0e54fd5143260e829de24d410d585fa145

Download Submit
\Users\Admin\Desktop\Winamp\Shared\libmp4v2.dll

Filesize
196KB

MD5
94ac898b7a10067e78d714849b5742a5

SHA1
9f6a171c27f1bf34f6d005879891ebf67e6cb283

SHA256
0dd4c133afdfe6f2e6d5e00ef7fd5494da1eb7cf7e2c5d9832803e90af9d75e8

SHA512
87cc90a0144e534a601467c02865573fd537ecc05c9154a38eaf00d2b2e5ae605a420c08b41df8c8638041e2c364aeb7d566f3074717388d51d361e95911fb77

Download Submit
\Users\Admin\Desktop\Winamp\Shared\nsutil.dll

Filesize
420KB

MD5
0e87445c382776b590b6898ec3e4e0f4

SHA1
5770be505b48c73bd5fabd108c21c6728efb570e

SHA256
cd614597bd78bcfdb3d9d5dd1f7462a85d5a1f4b01ac479666d9b1516bccf137

SHA512
c9da42f43c922406f06b90763ad6302053e9a4d8eb00fb1c74f652aacc5a43eb9b1c713c8130b6c009222db4fce3ba662408749928316f1fe65dea847cff092f

Download Submit
\Users\Admin\Desktop\Winamp\System\aacdec.w5s

Filesize
37KB

MD5
3f22364b04bdd95b5bb6193c993049ca

SHA1
fdf195aeb9c9b624f766cb9a11bc0d8e1f20d5d9

SHA256
772373cbb9e6da051368248bb8a73e11ae7aa232860861933b92e97d15c305ec

SHA512
04aceef8ad8fc0823183e9e187ab65f69c7a435bb6d69542cbb7e1208ec11ff8f1fff09ddd6e3f0d0a9246c8b42faba4b2f009bc4368742ef0b8b042bd6c1382

Download Submit
\Users\Admin\Desktop\Winamp\System\adpcm.w5s

Filesize
30KB

MD5
63fbcc000aa4d0d75c569e4279eb29bf

SHA1
4e5909b204e7b383981104bd2b2b4a68f392374c

SHA256
d454db3897b4b7e85110875999a6c4594e875b3b86644e71661884296cdc5217

SHA512
286a6c2a1566734ac9438656053b85bbfd1c4a842ff3fc70e58e2fe2a661de96c3ecdfc09908756125a24016c255ec97e821cfb77c029bb9379fc217d21c02c7

Download Submit
\Users\Admin\Desktop\Winamp\System\alac.w5s

Filesize
36KB

MD5
9cd27176dfd77f682b074bf9dac1736a

SHA1
e82e2910c2b3451637a03d21ecb61f6f1de49559

SHA256
8df472ca07447a30326107dc21f5fd5448a62a71d5c53a6fc87cecf77fcc4e44

SHA512
c142e23739cc8797634072cd0912080a22c83ca0feddf7514ab2e031008c411de118ca8e1127601031b5ab8c5eb215f5a8fb5523a92498c727ed122601519372

Download Submit
\Users\Admin\Desktop\Winamp\System\albumart.w5s

Filesize
38KB

MD5
d7af4c04092842e5b4994ebed8bd05ca

SHA1
391add7a9bb2fe52da52e436b8f9c3c4546ab9d3

SHA256
c68698231754f25e069ca761d497b3c683f8166a81da076d33fc6d7489ac3769

SHA512
d02ca853abf9006c5760fc9e447633201c1d3e00b997aa75eaece259b42ff2dfa3cd4e63a87e4ecce97ccf45e2d2c0dff90d3f310d4e53de9d4d1cf32fa8b4ff

Download Submit
\Users\Admin\Desktop\Winamp\System\bmp.w5s

Filesize
56KB

MD5
076b8084cb144b8e395dea3d3191a414

SHA1
72015b308c80a5955e68d256748af263c5edeecd

SHA256
91a1c75cd2a4cdc4a19f15e8061084ddbd9cf0fb2b03cad6d85b568254f58585

SHA512
7b960d176780e558e152c33a0897dd4f3aa5e3fe8fbfcc64eaf73785f53edcb96ff2143b2ca58499c98ac20f6c4484e6110b1880f2cf84cc5902a4607d505eea

Download Submit
\Users\Admin\Desktop\Winamp\System\devices.w5s

Filesize
51KB

MD5
86f1ec62db6e736f27d9a2732115f81e

SHA1
79a3e2f46db95b55e2c7afa5411dbdb9ba92285a

SHA256
a3df6c40e8cf6f2765cd1bc446bb16aae858407656c7239b920d0dedd135d049

SHA512
5f00a464e77da7dc731e41ab29215251355a71552de99c88e8e4b294890f2837f9008ee14be3fb1c2eade3ff3917172a8ced997852813c4c834ffb8fa758daf1

Download Submit
\Users\Admin\Desktop\Winamp\System\f263.w5s

Filesize
45KB

MD5
56f562aa73a4c3bfc542c43f27e62275

SHA1
d5f4f448d58789b7140e06d7d401073931db9612

SHA256
1b18b6a3c03eb26eb89a2c5f0e552090a7073fe6db553622005081cc12b20bdc

SHA512
13da391b91d52197fd68c8a9f86db4a0ba0a60d3da7a95f7de0366d7e9309492c0a676482075aa561cde1baebfba1d8e32f390cfdbc9a456d55983207f10739d

Download Submit
\Users\Admin\Desktop\Winamp\System\filereader.w5s

Filesize
30KB

MD5
05fe16de167a516089ef3e96ad03f77d

SHA1
c64357d9bfc7398110024cb13860d23d136b3a03

SHA256
47ae2faa3fd9a92df816e43fe36dee412a1a95adc9c547f2bf4b54a3d1fb024c

SHA512
ad038ec5006bd3b8abf6a81ec851096fcc6a480fdbbff6c1f5271b8dc734c047b746521ee2ddf66ae4f914c943ab1db225b05b84481917f5f5b5f8808614f491

Download Submit
\Users\Admin\Desktop\Winamp\System\gif.w5s

Filesize
35KB

MD5
7f85166b45e3835e9fe933408795b1dd

SHA1
65c400fb3528c64f2e85d651f7dcad3acda0e95a

SHA256
43f9cb8257a7f482f9039e8c4b86b15b5d5d03061e647ce75e2a95cd7386aede

SHA512
d5009021d2a208eb51754a1ca77cb591b9618a7cd577bde5551d2a3133ad3a4271cf46cb8362109652c9ae10d3f2abcbc2029d9e9c35c0caff151095778dbcd3

Download Submit
\Users\Admin\Desktop\Winamp\System\jpeg.w5s

Filesize
151KB

MD5
8d7bd551235028dc8a5ca5e0be0dd3d8

SHA1
82510669adbe1fc7f7783d58697801ab54fc1da9

SHA256
057619ab2456cf22d5c93eab37400d988b743159b27ca00d8e4474539d0b8bc3

SHA512
fb879df8a86bd26404626b3447693141c0d5bbb7b8a33b00ea7c777c30d37fd2f0be046b2344e5dbde12b7785d524aa1e4cee3c5ea0fa278fabb9a6614951ce4

Download Submit
\Users\Admin\Desktop\Winamp\System\wasabi2.w5s

Filesize
51KB

MD5
e64e27195d6c298276d518c3bdbfdc9e

SHA1
ecb372039808d0d4aad7a5594e71ccc36291f124

SHA256
2fcefbca651857ec1eddbc3e582bc5aec40277dd4c00118290ac934a4a6eb09c

SHA512
9139052d756c1553196c3d00fb534fd33fcdddde3e4e6292af9a6acc9eb2dc6fb48b47db2e3f25a59852ce68d1dbda05ffcabed777471ba9c2de8964156e8346

Download Submit
\Users\Admin\Desktop\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
memory/2544-2398-0x0000000004960000-0x0000000004982000-memory.dmp

Filesize
136KB

Download
memory/2544-2523-0x0000000004E40000-0x0000000004E55000-memory.dmp

Filesize
84KB

Download
memory/2544-2772-0x0000000004ED0000-0x0000000004EFB000-memory.dmp

Filesize
172KB

Download
memory/2544-2779-0x0000000004F90000-0x0000000004FBF000-memory.dmp

Filesize
188KB

Download
memory/2544-2780-0x0000000004F90000-0x0000000004FA3000-memory.dmp

Filesize
76KB

Download
memory/2544-2778-0x0000000004F90000-0x0000000004FD1000-memory.dmp

Filesize
260KB

Download
memory/2544-2781-0x0000000004F90000-0x0000000004FA4000-memory.dmp

Filesize
80KB

Download
memory/2544-2777-0x0000000004F90000-0x0000000004F9D000-memory.dmp

Filesize
52KB

Download
memory/2544-2784-0x0000000004F90000-0x0000000004FBA000-memory.dmp

Filesize
168KB

Download
memory/2544-2788-0x0000000004F90000-0x0000000004FE2000-memory.dmp

Filesize
328KB

Download
memory/2544-2791-0x0000000004F90000-0x0000000004F9D000-memory.dmp

Filesize
52KB

Download
memory/2544-2790-0x0000000004F90000-0x0000000004F9C000-memory.dmp

Filesize
48KB

Download
memory/2544-2786-0x0000000004F90000-0x0000000004FDE000-memory.dmp

Filesize
312KB

Download
memory/2544-2465-0x0000000004DF0000-0x0000000004E1F000-memory.dmp

Filesize
188KB

Download
memory/2544-2792-0x0000000004F90000-0x0000000004FB8000-memory.dmp

Filesize
160KB

Download
memory/2544-2782-0x0000000004F90000-0x000000000501A000-memory.dmp

Filesize
552KB

Download
memory/2544-2775-0x0000000004F10000-0x0000000004F8F000-memory.dmp

Filesize
508KB

Download
memory/2544-2774-0x0000000004EC0000-0x0000000004ECD000-memory.dmp

Filesize
52KB

Download
memory/2544-2461-0x0000000004BB0000-0x0000000004DD1000-memory.dmp

Filesize
2.1MB

Download
memory/2544-2432-0x0000000004B60000-0x0000000004B80000-memory.dmp

Filesize
128KB

Download
memory/2544-2434-0x0000000004B90000-0x0000000004BB0000-memory.dmp

Filesize
128KB

Download
memory/2544-2336-0x0000000004540000-0x000000000454D000-memory.dmp

Filesize
52KB

Download
memory/2544-2427-0x0000000004B20000-0x0000000004B44000-memory.dmp

Filesize
144KB

Download
memory/2544-2396-0x0000000004920000-0x0000000004946000-memory.dmp

Filesize
152KB

Download
memory/2544-2402-0x00000000049B0000-0x00000000049BF000-memory.dmp

Filesize
60KB

Download
memory/2544-2417-0x0000000004A70000-0x0000000004AB8000-memory.dmp

Filesize
288KB

Download
memory/2544-2423-0x0000000004AF0000-0x0000000004B0F000-memory.dmp

Filesize
124KB

Download
memory/2544-2421-0x0000000004AC0000-0x0000000004AD2000-memory.dmp

Filesize
72KB

Download
memory/2544-2404-0x00000000049D0000-0x00000000049EA000-memory.dmp

Filesize
104KB

Download
memory/2544-2362-0x00000000048B0000-0x00000000048D5000-memory.dmp

Filesize
148KB

Download
memory/2544-2348-0x00000000045C0000-0x00000000045FF000-memory.dmp

Filesize
252KB

Download
memory/2544-2354-0x0000000004700000-0x000000000472A000-memory.dmp

Filesize
168KB

Download
memory/2544-2357-0x00000000047A0000-0x00000000047B2000-memory.dmp

Filesize
72KB

Download
memory/2544-2358-0x00000000047D0000-0x00000000047DF000-memory.dmp

Filesize
60KB

Download
memory/2544-2361-0x0000000004830000-0x000000000485C000-memory.dmp

Filesize
176KB

Download
memory/2544-2359-0x00000000047F0000-0x000000000481F000-memory.dmp

Filesize
188KB

Download
memory/2544-2351-0x00000000046C0000-0x00000000046E1000-memory.dmp

Filesize
132KB

Download
memory/2544-2349-0x0000000004630000-0x0000000004686000-memory.dmp

Filesize
344KB

Download
memory/2544-2339-0x0000000004560000-0x000000000456E000-memory.dmp

Filesize
56KB

Download
memory/2544-2332-0x0000000004420000-0x000000000442F000-memory.dmp

Filesize
60KB

Download
memory/2544-2329-0x0000000004400000-0x000000000440B000-memory.dmp

Filesize
44KB

Download
memory/2544-2236-0x0000000004380000-0x00000000043B2000-memory.dmp

Filesize
200KB

Download
memory/2544-2221-0x0000000002DD0000-0x0000000002E3A000-memory.dmp

Filesize
424KB

Download
memory/2544-2193-0x0000000000C20000-0x0000000000C37000-memory.dmp

Filesize
92KB

Download
memory/2652-2182-0x0000000000140000-0x0000000000142000-memory.dmp

Filesize
8KB

Download