Overview
overview
8Static
static
3winamp_lat...ll.exe
windows11-21h2-x64
8$PLUGINSDI...er.dll
windows11-21h2-x64
3$PLUGINSDI...LL.dll
windows11-21h2-x64
3$PLUGINSDI...LL.dll
windows11-21h2-x64
3$PLUGINSDI...ch.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...os.dll
windows11-21h2-x64
3$PLUGINSDI...ip.dll
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...mp.dll
windows11-21h2-x64
3$PLUGINSDI...dl.dll
windows11-21h2-x64
3Components/ssdp.dll
windows11-21h2-x64
1Elevator.exe
windows11-21h2-x64
1Microsoft....40.dll
windows11-21h2-x64
3Microsoft....40.dll
windows11-21h2-x64
3Microsoft...._1.dll
windows11-21h2-x64
1Microsoft...._2.dll
windows11-21h2-x64
1Microsoft....it.dll
windows11-21h2-x64
1Microsoft....ds.dll
windows11-21h2-x64
3Microsoft....40.dll
windows11-21h2-x64
3Microsoft....40.dll
windows11-21h2-x64
3Microsoft....90.dll
windows11-21h2-x64
1Microsoft....90.dll
windows11-21h2-x64
1Plugins/AV...er.dll
windows11-21h2-x64
3Plugins/AV...ap.dll
windows11-21h2-x64
3Plugins/AVS/texer.dll
windows11-21h2-x64
3Plugins/AV...r2.dll
windows11-21h2-x64
3Plugins/Fr...pe.dll
windows11-21h2-x64
1Plugins/Mi...op.dll
windows11-21h2-x64
1Plugins/Mi...p.html
windows11-21h2-x64
1Plugins/Mi...g.html
windows11-21h2-x64
1Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
02-06-2024 17:21
Static task
static1
Behavioral task
behavioral1
Sample
winamp_latest_full.exe
Resource
win11-20240508-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/Dialer.dll
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win11-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win11-20240426-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ShellDispatch.dll
Resource
win11-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240419-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/execDos.dll
Resource
win11-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/extstrip.dll
Resource
win11-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240426-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsis_winamp.dll
Resource
win11-20240426-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsisdl.dll
Resource
win11-20240508-en
Behavioral task
behavioral13
Sample
Components/ssdp.dll
Resource
win11-20240426-en
Behavioral task
behavioral14
Sample
Elevator.exe
Resource
win11-20240426-en
Behavioral task
behavioral15
Sample
Microsoft.VC142.CRT/concrt140.dll
Resource
win11-20240508-en
Behavioral task
behavioral16
Sample
Microsoft.VC142.CRT/msvcp140.dll
Resource
win11-20240426-en
Behavioral task
behavioral17
Sample
Microsoft.VC142.CRT/msvcp140_1.dll
Resource
win11-20240508-en
Behavioral task
behavioral18
Sample
Microsoft.VC142.CRT/msvcp140_2.dll
Resource
win11-20240426-en
Behavioral task
behavioral19
Sample
Microsoft.VC142.CRT/msvcp140_atomic_wait.dll
Resource
win11-20240508-en
Behavioral task
behavioral20
Sample
Microsoft.VC142.CRT/msvcp140_codecvt_ids.dll
Resource
win11-20240426-en
Behavioral task
behavioral21
Sample
Microsoft.VC142.CRT/vccorlib140.dll
Resource
win11-20240426-en
Behavioral task
behavioral22
Sample
Microsoft.VC142.CRT/vcruntime140.dll
Resource
win11-20240426-en
Behavioral task
behavioral23
Sample
Microsoft.VC90.CRT/msvcp90.dll
Resource
win11-20240426-en
Behavioral task
behavioral24
Sample
Microsoft.VC90.CRT/msvcr90.dll
Resource
win11-20240419-en
Behavioral task
behavioral25
Sample
Plugins/AVS/AddBorder.dll
Resource
win11-20240508-en
Behavioral task
behavioral26
Sample
Plugins/AVS/colormap.dll
Resource
win11-20240426-en
Behavioral task
behavioral27
Sample
Plugins/AVS/texer.dll
Resource
win11-20240508-en
Behavioral task
behavioral28
Sample
Plugins/AVS/texer2.dll
Resource
win11-20240508-en
Behavioral task
behavioral29
Sample
Plugins/Freeform/wacs/freetype/freetype.dll
Resource
win11-20240426-en
Behavioral task
behavioral30
Sample
Plugins/Milkdrop2/data/vms_desktop.dll
Resource
win11-20240426-en
Behavioral task
behavioral31
Sample
Plugins/Milkdrop2/docs/milkdrop.html
Resource
win11-20240508-en
Behavioral task
behavioral32
Sample
Plugins/Milkdrop2/docs/milkdrop_preset_authoring.html
Resource
win11-20240508-en
General
-
Target
winamp_latest_full.exe
-
Size
12.4MB
-
MD5
39b72e2cbf2fb8da961538de3e892eba
-
SHA1
237ce8611cb8e2ede8a5d6b982597f7e93b2cd81
-
SHA256
fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e
-
SHA512
36e8b9d759d960390e8f1b4ac420d591204cb95a776be668db365c453cb702cadee9b34c03779044fdc04c2d2929ac542e01bba50094f8352e2724a082611b59
-
SSDEEP
393216:udNH1gz1+ZUUG9NWpHYV6ohIBfqHts7UU2wP3:udZk1vUG964V6ysUs7U/u3
Malware Config
Signatures
-
Modifies Windows Firewall 2 TTPs 4 IoCs
Processes:
netsh.exenetsh.exenetsh.exenetsh.exepid process 3240 netsh.exe 1908 netsh.exe 4508 netsh.exe 2120 netsh.exe -
Executes dropped EXE 3 IoCs
Processes:
elevator.exewinamp.exewinamp.exepid process 4948 elevator.exe 2592 winamp.exe 6056 winamp.exe -
Loads dropped DLL 64 IoCs
Processes:
winamp_latest_full.exerundll32.exewinamp.exepid process 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 4964 winamp_latest_full.exe 3876 rundll32.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe 2592 winamp.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
winamp.exedescription ioc process File opened (read-only) \??\D: winamp.exe -
Drops file in Program Files directory 64 IoCs
Processes:
winamp_latest_full.exedescription ioc process File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rozzor & Aderrasi - Canon.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\Eo.S. - glowsticks v2 05 and proton lights (+Krash's beat code) _Phat_remix03 madhatter_v2.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Big Bento\scripts\syncbutton.maki winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Brakefreak-bitcore tweak.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Idiot - Star Of Annon.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\beat_l2.png winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Phat_Zylot_Eo.S. Trippy_rotation_v2_sector_mix_alt_colours.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - golden mirror.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\mig - Slyde - Tri.avs winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Hexcollie, Flexi, ORB, Eo.S. n DaNOnE - Pineal Massage [5 minute composite quickshot].milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Fireworks Sparkle.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\shifter - digi.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\S_KuPeRS - Arctic Rainbow.avs winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\UnConeD - Zero-G Maze II.avs winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & bdrv + fiSHbRAiN + flexi + Geiss + shifter - Starcraft (Hyperion RMX V3).milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. + Phat - vacuum deity watching you.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\Esotic & Rozzor - Pixie Party Light ((No Wave Invasion) Mandala Chill Red Yellow Mix).milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - low res delay.sps winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\button_config_drawer.png winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Tripmaker.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rozzor - Learning Curve (Invert Tweak).milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\martin - mucus cervix.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\lone - Gold shower 3D (justinmod).avs winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. - dark side of the moon (plus a few more hits and a pill).milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - Lights in the Sky.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Phat_Zylot_Eo.S. spiral_Movements_Beatle.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & Boz + Eo.S + Geiss + Phat + Rovastar + Zylot - Machine Code [Jelly].milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\freeform\xml\historyeditbox\historyeditbox.maki winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Big Bento\window\aol_radio_alb_art.jpg winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - LSD Zoomtunnel.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\textures\cells.jpg winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Winamp Modern\xml\player.xml winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Dark Omen.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Unchained - ReAwoke.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Fvese - The Tunnel (Final Stage Mix).milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin + suksma + fed + goody and others - blarfff [Zebra puke mash-up by Stahlregen].milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\data\include.fx winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - musicogenic epilepsy.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Winamp Modern\window\scrollbars.png winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Big Bento\window\menu_help.png winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\Tuggummi - Magma Flow II.avs winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Unchained - Unified Drag 2 (Ghostly Vision Mix).milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\el-vis - soundscape III (skupers remix).avs winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\justin - newpoop (for wa5).avs winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Acid Cycle Gas Giant.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Contortion (Escher's Tunnel Mix).milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Harlequin's & Jester's Dual Delight (Chaotic Nightmare Mix).milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - huge massive speederupper.sps winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\shufflerepeat_led.png winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\Duo - Alien Heart.avs winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\browser\browser.maki winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Big Bento\scripts\simplemaximize.maki winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Phat_Eo.S. Eyes_spiral_mix.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - the distant point between.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\cope - the drain to heaven.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\System\h264.w5s winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Winamp Modern\scripts\mainmenuoverlay.maki winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S.+Phat - Flare_dig_mix.milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - smashing fractals [acid etching mix].milk winamp_latest_full.exe File opened for modification C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Temporal Rift.milk winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\components.xml winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Skins\Bento\xml\notifier-elements.xml winamp_latest_full.exe File created C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - deep blue.milk winamp_latest_full.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Processes:
explorer.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe -
Modifies registry class 64 IoCs
Processes:
winamp.execontrol.exewinamp_latest_full.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\DefaultIcon winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\"" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.W64 winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RF64\shell\ListBookmark\ = "Add to Winamp's &Bookmark list" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WOW\shell\Play\DropTarget winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.m3u8 winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WEBM\ = "WebM Video" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.paf\ = "Winamp.File.PAF" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4V\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\"" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.HTK\shell\open winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SWF\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\.m3u\Content Type = "audio/x-mpegurl" winamp.exe Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings control.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VOC\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FAR\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.J2B\shell\Enqueue\ = "&Enqueue in Winamp" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.GDM\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\.aac\ = "Winamp.File.AAC" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DMF\shell\Enqueue\command winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.UMX\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.C67\shell\Enqueue\command winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NST\shell\open winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PSM\ = "Epic Megagames MASI" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\ = "Un4seen MO3" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PVF\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AU\shell\ListBookmark\command winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NST\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\shell winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\shell\Play\command winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMV\shell\Enqueue\ = "&Enqueue in Winamp" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STK\shell\Enqueue\ = "&Enqueue in Winamp" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\ = "Compressed ProTracker" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cda\ = "Winamp.File.CDA" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FMT\ = "FM Tracker" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UNSV\ = "URL: Ultravox Protocol" winamp_latest_full.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AAC\shell\open\command winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\shell\Play winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\open\DropTarget winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STM\shell\Enqueue\ = "&Enqueue in Winamp" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.ULT\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PTM\shell\Play\ = "&Play in Winamp" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP1\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DBM\shell\Play\command winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WOW\shell\Play\ = "&Play in Winamp" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\DefaultIcon winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MAT\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\"" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AIFF\shell\open\DropTarget winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RF64\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\shell\open\command winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AIFF\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\"" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\ = "Microsoft Wave Sound Format" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\shell\open\ winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File\shell\ListBookmark\ = "Add to Winamp's &Bookmark list" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RAW\shell\ = "Play" winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDR\DefaultIcon winamp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPG\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\"" winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\Play winamp.exe -
Processes:
winamp.exedescription ioc process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e winamp.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e winamp.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e winamp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 winamp.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e winamp.exe -
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exemsedge.exepid process 6000 msedge.exe 6000 msedge.exe 1208 msedge.exe 1208 msedge.exe 1492 msedge.exe 1492 msedge.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
winamp.exepid process 6056 winamp.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
Processes:
msedge.exepid process 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
AUDIODG.EXEcontrol.exedescription pid process Token: 33 4392 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4392 AUDIODG.EXE Token: SeShutdownPrivilege 1436 control.exe Token: SeCreatePagefilePrivilege 1436 control.exe -
Suspicious use of FindShellTrayWindow 31 IoCs
Processes:
winamp.exehelppane.exemsedge.exepid process 6056 winamp.exe 6056 winamp.exe 6056 winamp.exe 6056 winamp.exe 6056 winamp.exe 3916 helppane.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe -
Suspicious use of SendNotifyMessage 16 IoCs
Processes:
winamp.exemsedge.exepid process 6056 winamp.exe 6056 winamp.exe 6056 winamp.exe 6056 winamp.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe 1208 msedge.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
winamp.exehelppane.exepid process 6056 winamp.exe 3916 helppane.exe 3916 helppane.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
winamp_latest_full.exewinamp.exehelppane.exemsedge.exedescription pid process target process PID 4964 wrote to memory of 4948 4964 winamp_latest_full.exe elevator.exe PID 4964 wrote to memory of 4948 4964 winamp_latest_full.exe elevator.exe PID 4964 wrote to memory of 4948 4964 winamp_latest_full.exe elevator.exe PID 4964 wrote to memory of 3240 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 3240 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 3240 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 1908 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 1908 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 1908 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 4508 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 4508 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 4508 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 2120 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 2120 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 2120 4964 winamp_latest_full.exe netsh.exe PID 4964 wrote to memory of 3024 4964 winamp_latest_full.exe ping.exe PID 4964 wrote to memory of 3024 4964 winamp_latest_full.exe ping.exe PID 4964 wrote to memory of 3024 4964 winamp_latest_full.exe ping.exe PID 4964 wrote to memory of 3876 4964 winamp_latest_full.exe rundll32.exe PID 4964 wrote to memory of 3876 4964 winamp_latest_full.exe rundll32.exe PID 4964 wrote to memory of 3876 4964 winamp_latest_full.exe rundll32.exe PID 2592 wrote to memory of 6056 2592 winamp.exe winamp.exe PID 2592 wrote to memory of 6056 2592 winamp.exe winamp.exe PID 2592 wrote to memory of 6056 2592 winamp.exe winamp.exe PID 3916 wrote to memory of 1208 3916 helppane.exe msedge.exe PID 3916 wrote to memory of 1208 3916 helppane.exe msedge.exe PID 1208 wrote to memory of 3076 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 3076 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe PID 1208 wrote to memory of 5980 1208 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe"C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4964 -
C:\Program Files (x86)\Winamp\elevator.exe"C:\Program Files (x86)\Winamp\elevator.exe" /RegServer2⤵
- Executes dropped EXE
PID:4948 -
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes2⤵
- Modifies Windows Firewall
PID:3240 -
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP2⤵
- Modifies Windows Firewall
PID:1908 -
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes2⤵
- Modifies Windows Firewall
PID:4508 -
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP2⤵
- Modifies Windows Firewall
PID:2120 -
C:\Windows\SysWOW64\ping.exeping -n 1 -w 400 www.google.com2⤵
- Runs ping.exe
PID:3024 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Program Files (x86)\Winamp\winamp.exe" "/NEW /REG=S" "C:\Program Files (x86)\Winamp" 12⤵
- Loads dropped DLL
PID:3876
-
C:\Program Files (x86)\Winamp\winamp.exe"C:\Program Files (x86)\Winamp\winamp.exe" /NEW /REG=S1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Program Files (x86)\Winamp\winamp.exe"C:\Program Files (x86)\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u82⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6056
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D81⤵
- Suspicious use of AdjustPrivilegeToken
PID:4392
-
C:\Windows\system32\control.exe"C:\Windows\system32\control.exe" SYSTEM1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1436
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:3500
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
PID:4528
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:1536
-
C:\Windows\helppane.exeC:\Windows\helppane.exe -Embedding1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3916 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=5288822⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8767c3cb8,0x7ff8767c3cc8,0x7ff8767c3cd83⤵PID:3076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:23⤵PID:5980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:6000 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:83⤵PID:6036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:13⤵PID:4460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:13⤵PID:5552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:13⤵PID:1948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:13⤵PID:1872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3420 /prefetch:83⤵PID:1412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5284 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:1492 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:13⤵PID:3264
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1436
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5408
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
31KB
MD580e53207d1f5f684b098bf70b66c34b1
SHA1848367ff79a68319c9211abfae289a3802a809f6
SHA256dd55372e906699c3e35f02313736f74a13d1e526d0b9620cadb70d57e530af63
SHA512cd7e0b59a2eb0ccf164e958e758d53646dd6a229a67cb37e2d524fb36d19116117b7390a368bc47043faf407d788e839aee20f501b7c90d367515acdf65690ac
-
Filesize
97KB
MD559803a5bb88b88a6d83342eeb3816ad9
SHA1cafa43cacd584deb0d54ac31ae9030f90455c6b7
SHA256a8e9655510906994fdef3993bebabf0a5e0b6604f02c0ccc28fd31be3aa684bf
SHA51285038570bb2fb39e7ee8994ccb3f8f9203c0d8360fea889d238c13b3b49a7ab85488edd01d3ec7e37288ffbd0db7e84cfe0353e199289a854311d27990cb9eea
-
Filesize
57KB
MD5e52a7ef27aa85d2d763a47a0e3d0ec49
SHA1918c0487e0798e9f16a2c8cab659b113eca57f65
SHA2567c2d2c9db724b7ac4fa17b871c741182be0dab51f89b75a8d114d9d6d95b09fc
SHA5127fd1bb7e2edb029b2853d64e5443213d0d8abb1aa97bf5c92ebde1ee3a42248867b998a89da657cd140fa68e98a1b961647362b049bac494f0a4032fe9024cc8
-
Filesize
23KB
MD57606a37c850c2ce121e74f09a131b9dc
SHA10c30b33ec6af5f9a0c32bb09d21d9739614ca863
SHA256f3726029b19b5eb9e4a6ff2128bcdb945bfcc81c783cbfb6a087a973d9e002bb
SHA512ed984e39cffac82d9f919ebd5d0dc05fcd3c487244d6a54964892d1be9670e5d5531ab6c0cab74ccf8bb0a9b59e8775f0aaedacc877d24cb70e51e33def30ae7
-
Filesize
2.4MB
MD50e1d9c1b1d067ca068a120258d56f10b
SHA13f2f1354261a9de037bd83021a6fe2be024f371c
SHA256df0e962303ee3a276e342d2a8c022fa756db6b6c93f680171b165c22feb70521
SHA51266be377de7eeeb09dd4197882aced2486d411082b428f91a074322bcaff61d10223e4d842367f9c42679c74e3601657e3d95b73d610d868c22b9272067e66c2b
-
Filesize
196KB
MD594ac898b7a10067e78d714849b5742a5
SHA19f6a171c27f1bf34f6d005879891ebf67e6cb283
SHA2560dd4c133afdfe6f2e6d5e00ef7fd5494da1eb7cf7e2c5d9832803e90af9d75e8
SHA51287cc90a0144e534a601467c02865573fd537ecc05c9154a38eaf00d2b2e5ae605a420c08b41df8c8638041e2c364aeb7d566f3074717388d51d361e95911fb77
-
Filesize
85KB
MD57ef49a648488189e84785031e5233980
SHA1fcdb8d02a04a664afbc901aef516d4bde9cc48f3
SHA2561f856e87de95f73f6e7848473c62cb9868ec70a0d01686f56a9bbedceb89170f
SHA51298c379ec0e538e7d92c93d374b4b3f7da8c282a4b4865c82b1626abccadfb5d13b458d15af6260ec8d644e9d2a8ab596f270f274bfe61e289bd5a9e37e424b02
-
Filesize
420KB
MD50e87445c382776b590b6898ec3e4e0f4
SHA15770be505b48c73bd5fabd108c21c6728efb570e
SHA256cd614597bd78bcfdb3d9d5dd1f7462a85d5a1f4b01ac479666d9b1516bccf137
SHA512c9da42f43c922406f06b90763ad6302053e9a4d8eb00fb1c74f652aacc5a43eb9b1c713c8130b6c009222db4fce3ba662408749928316f1fe65dea847cff092f
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
78KB
MD50eb8f691e53a5ecf93b14d8d6c72e6ce
SHA12b40b27c1668791a146978e861005bc9095a66a1
SHA2567cd7679b154f7d40f22d37b02e8aed2a694a2c23c997ba1cd1e4ead21164939e
SHA5129efc89c2512e4bac51142ad3e34e10755ded7b055d93eb44a44abb7f4ef0822e4eab039237d7238cce007f56a447e1986de13febb0623839b7c065a4b1377367
-
Filesize
37KB
MD53f22364b04bdd95b5bb6193c993049ca
SHA1fdf195aeb9c9b624f766cb9a11bc0d8e1f20d5d9
SHA256772373cbb9e6da051368248bb8a73e11ae7aa232860861933b92e97d15c305ec
SHA51204aceef8ad8fc0823183e9e187ab65f69c7a435bb6d69542cbb7e1208ec11ff8f1fff09ddd6e3f0d0a9246c8b42faba4b2f009bc4368742ef0b8b042bd6c1382
-
Filesize
30KB
MD563fbcc000aa4d0d75c569e4279eb29bf
SHA14e5909b204e7b383981104bd2b2b4a68f392374c
SHA256d454db3897b4b7e85110875999a6c4594e875b3b86644e71661884296cdc5217
SHA512286a6c2a1566734ac9438656053b85bbfd1c4a842ff3fc70e58e2fe2a661de96c3ecdfc09908756125a24016c255ec97e821cfb77c029bb9379fc217d21c02c7
-
Filesize
36KB
MD59cd27176dfd77f682b074bf9dac1736a
SHA1e82e2910c2b3451637a03d21ecb61f6f1de49559
SHA2568df472ca07447a30326107dc21f5fd5448a62a71d5c53a6fc87cecf77fcc4e44
SHA512c142e23739cc8797634072cd0912080a22c83ca0feddf7514ab2e031008c411de118ca8e1127601031b5ab8c5eb215f5a8fb5523a92498c727ed122601519372
-
Filesize
38KB
MD5d7af4c04092842e5b4994ebed8bd05ca
SHA1391add7a9bb2fe52da52e436b8f9c3c4546ab9d3
SHA256c68698231754f25e069ca761d497b3c683f8166a81da076d33fc6d7489ac3769
SHA512d02ca853abf9006c5760fc9e447633201c1d3e00b997aa75eaece259b42ff2dfa3cd4e63a87e4ecce97ccf45e2d2c0dff90d3f310d4e53de9d4d1cf32fa8b4ff
-
Filesize
56KB
MD5076b8084cb144b8e395dea3d3191a414
SHA172015b308c80a5955e68d256748af263c5edeecd
SHA25691a1c75cd2a4cdc4a19f15e8061084ddbd9cf0fb2b03cad6d85b568254f58585
SHA5127b960d176780e558e152c33a0897dd4f3aa5e3fe8fbfcc64eaf73785f53edcb96ff2143b2ca58499c98ac20f6c4484e6110b1880f2cf84cc5902a4607d505eea
-
Filesize
51KB
MD586f1ec62db6e736f27d9a2732115f81e
SHA179a3e2f46db95b55e2c7afa5411dbdb9ba92285a
SHA256a3df6c40e8cf6f2765cd1bc446bb16aae858407656c7239b920d0dedd135d049
SHA5125f00a464e77da7dc731e41ab29215251355a71552de99c88e8e4b294890f2837f9008ee14be3fb1c2eade3ff3917172a8ced997852813c4c834ffb8fa758daf1
-
Filesize
45KB
MD556f562aa73a4c3bfc542c43f27e62275
SHA1d5f4f448d58789b7140e06d7d401073931db9612
SHA2561b18b6a3c03eb26eb89a2c5f0e552090a7073fe6db553622005081cc12b20bdc
SHA51213da391b91d52197fd68c8a9f86db4a0ba0a60d3da7a95f7de0366d7e9309492c0a676482075aa561cde1baebfba1d8e32f390cfdbc9a456d55983207f10739d
-
Filesize
30KB
MD505fe16de167a516089ef3e96ad03f77d
SHA1c64357d9bfc7398110024cb13860d23d136b3a03
SHA25647ae2faa3fd9a92df816e43fe36dee412a1a95adc9c547f2bf4b54a3d1fb024c
SHA512ad038ec5006bd3b8abf6a81ec851096fcc6a480fdbbff6c1f5271b8dc734c047b746521ee2ddf66ae4f914c943ab1db225b05b84481917f5f5b5f8808614f491
-
Filesize
35KB
MD57f85166b45e3835e9fe933408795b1dd
SHA165c400fb3528c64f2e85d651f7dcad3acda0e95a
SHA25643f9cb8257a7f482f9039e8c4b86b15b5d5d03061e647ce75e2a95cd7386aede
SHA512d5009021d2a208eb51754a1ca77cb591b9618a7cd577bde5551d2a3133ad3a4271cf46cb8362109652c9ae10d3f2abcbc2029d9e9c35c0caff151095778dbcd3
-
Filesize
45KB
MD566f906268252787285b860f8dc0cd68b
SHA1adbb65e3e28438896cb97fa1aa7a48e41eba44b4
SHA2562141213600d7d2c9a12d98a324c8381ab7be8792ba57b7b6e68770adb1f40813
SHA5120be66230cdb767d9c0b2e91503160a3be43b036e653da68ca748d103346cd121ca29890dd9fa986cdb61ffd7815633ec85a6dd4a322c31f9783ef0ab34f64f0f
-
Filesize
51KB
MD5e64e27195d6c298276d518c3bdbfdc9e
SHA1ecb372039808d0d4aad7a5594e71ccc36291f124
SHA2562fcefbca651857ec1eddbc3e582bc5aec40277dd4c00118290ac934a4a6eb09c
SHA5129139052d756c1553196c3d00fb534fd33fcdddde3e4e6292af9a6acc9eb2dc6fb48b47db2e3f25a59852ce68d1dbda05ffcabed777471ba9c2de8964156e8346
-
Filesize
30B
MD58ad85a252352aa655f18d1b9300667b1
SHA15d2939f3b6c29739303f2caa4560d1f5376309c6
SHA256fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c
SHA512aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525
-
Filesize
2.3MB
MD5ebebc6e8f41e6c04dd661a14761d75d9
SHA19762e726a682f54bd9606bf08867a6206a1a39f7
SHA256addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446
SHA5129493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e
-
Filesize
152B
MD523da8c216a7633c78c347cc80603cd99
SHA1a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA25603dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17
-
Filesize
152B
MD5a8e4bf11ed97b6b312e938ca216cf30e
SHA1ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76
-
Filesize
5KB
MD5bf78db836c96a415420fd4fb869296b2
SHA1ac874a1ae2d6db5744cd049f6679f58d8db89904
SHA256813cd1d3be88ead7ad2ed6a829d49f6904c96675afe32fbe582eb82a0084f956
SHA5123f032d29cc35745ca89e7546820c12fa16c42f9b4447b9b72594fd331467a2e14e3f726ace2c1987447f95acf589e2856db9b1970155cfb1b8358c7b1bcc64f2
-
Filesize
3KB
MD5adea8024c99d7802fa3c9e5d34877aad
SHA14e015a5be3e668aa3e9758370413f2bb8ec5ad1a
SHA256242b6aeb759e31b64e014e3df6b5c478fb309d56b4df8cdb59b2cd03bfa77db2
SHA512717a9f08842e96e9395fe8fff19138d7e599e3dd4f44b7b55d9be86211f20cd89a1d315df1f241afc52456da738623401ee721b17e9fd5949fe1decfc1b2819d
-
Filesize
5KB
MD568b287f4067ba013e34a1339afdb1ea8
SHA145ad585b3cc8e5a6af7b68f5d8269c97992130b3
SHA25618e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
SHA51206c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
Filesize
4KB
MD59c266c2dc7eca5bcab2d8df4990e0c1f
SHA1662da3d9ca18aacdbaef884065fbfffdfacfabfa
SHA256ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd
SHA512e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
5KB
MD50deb397ca1e716bb7b15e1754e52b2ac
SHA1fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5
SHA256720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f
SHA512507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7
-
Filesize
1KB
MD561a5ccb617f6584ca056e4448794dd68
SHA1202986111bbb3c7e5e610e826f3e109bd28bec38
SHA2564604ba98f35edbe82697103abc7ef76e91be57fa57c396337c073f710e51adde
SHA5127b061b530da1c34a9ce334883308451f97871da3dca3ff27cdb4797749b41103dbcbec44ba91381b268c74ee644de99705fe2cbc750e958f4d675172312783c5
-
Filesize
26B
MD5385081d5feee87a4ed1a6e5dcee85f36
SHA18517162855b477e5498e95ff2e82584ef06d5c6d
SHA256bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc
SHA51252bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f
-
Filesize
150KB
MD52d63e33fa1cf672338a22c88fa45e6a0
SHA186c510009d6c71d05eb2707fe6a10039df525192
SHA2567ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292
SHA512d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
7KB
MD5675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
Filesize
4KB
MD51e1ded1cf1c69852f2074693459fb3b5
SHA181b165cae4d38a98760131989fdd8aed2c918679
SHA2565946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec
SHA512a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96
-
Filesize
15KB
MD5ee68463fed225c5c98d800bdbd205598
SHA1306364af624de3028e2078c4d8c234fa497bd723
SHA256419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04
SHA512b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107
-
Filesize
884B
MD534596887db65b4d559bd92adbbd58eb3
SHA1a610a496b41bc38bdb43e04b64c1e8ee2703fb8d
SHA256b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566
SHA512115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd
-
Filesize
85B
MD5661f2206ac253963428371f575ce29e2
SHA1a3ae20abb92b0a39f5be0e48387ff36c878d8999
SHA2565eddd08dbbbb3f45bdbd18c5cb621e1d8b4f88961a51b25fb61c972887a20bae
SHA51249a4ab478e326a5b820399c64169cf1a28bc1c7f00cc3a3c5b34b3e5f0553527087c4bd43eb2b4244202186f47e5ea969bf962290ce338f0e28b974d2af6d767
-
Filesize
1KB
MD5d846f709a205bdb235e144f961ae5299
SHA105b169eeb4318d06e91b31fc0f3b0d8f505fa782
SHA256f1bc01512ae6a9200c0e860448ade89d2bd0e2e589a60c29dd20af699cce16cb
SHA5124eddb8461d9b666c32de592bbb07c9ea23670740e7744f1817f26f705bdb2a237d172fdfc63a2caa9e81bdee664b246213e57d95b64edf4f515001d5202bce8a
-
Filesize
1KB
MD5e66b2995ad3850395763bed538f1c28d
SHA1fc525c8062cab17ad4ef9bd0995f779c15aae432
SHA2567bf44fb6be61cc6879fb790b980a9a5fc9ec9cb6d5055f2501f91e6af4b8d8c2
SHA5129ee5c08f64ee815b43ae8d26d7eceea4e5d6ef59ff9ae3a05944443b8d0a410bdb30dc6fa0a74045222870c71e3312bced3487c3cd6e023fb57830a640ac633d
-
Filesize
1KB
MD59b9782842ac80affd39fc1bc48d3a6b8
SHA11b6f44ca49376827f905b7f4b9664862c6479a0e
SHA256c3990bc1aa3314b93cd9ebebd2332c7dca486a87b35e0fd1d2089ffe38643db7
SHA512fc768dbef466ad6654c8475f1fc1580390d7c7dccbe841abfdb32727ddc34f920fb314e270207430ac661fef05e47c13dfe9b706b64ec7458e1e5808ff485385
-
Filesize
55B
MD5bbcf35393be345b9cdeab142e9060a71
SHA105daaa9680f1d988ca2d51ce5f0cb02919eb8306
SHA256c20012fd3f83b08f5bcedf2530e803edf15fbdc1e3ec2d3c537fb4774ef21e8c
SHA512e97b20dee3a0b2ade77c2205fc6199ece2ccf9bd754352a7d3fb11e9a585fb98e6e5c98a78ec158a3fdd7edc49696bab185523d3a3e9f9665394cb6051e80259
-
Filesize
466B
MD52c4cb9b8528ee610caf77b7ce5c2fdd4
SHA1b02da5d8937840dfa75fe9b674ef11b7b82a56a9
SHA25625ca943240faa76cee893385b5c763a965e437c73d3f441ab942df220a9e39eb
SHA5128049d924143be7e3fb5f80003a77903c453a1b864ac21a4f9173bf4f0327d8d50a87ca5d90cf53254586ba4a4602ec22e9e0fa7bba092bdb250d8796bb66867e
-
Filesize
8B
MD576a66845f666c52790c3442f7e1a491a
SHA1e392a609d9dc81fab060d8aece449fe616a40053
SHA256101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a
SHA51271a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783
-
Filesize
68B
MD5d39305c16a773b222871032c4148600e
SHA1196b2a21dabfd3d001e2c79f3fdc7c411c4ca261
SHA25601786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29
SHA512bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093
-
Filesize
32B
MD5137faa0c3baa69f733eaadb966b64ade
SHA1a55982685efc19bb0afffa2eb1f3750241480eb8
SHA2569cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181
SHA512b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78
-
Filesize
910B
MD5fa6b6eaa81a2662b8c45b126727ea832
SHA16087f9505d21819ed2f656517a0a13664aeead2b
SHA256370be262ff415bed2a40f450f69dfce660e3e635af0924dca0c1f118e489c046
SHA512f26688d6236021172c0f2d001e5636f018fef9ba7c7fadf688bd78fb1f9633c766cdf9ff2581997bc7af8a5ffd92da19cba699a46a64a555ccc0e7e57bd7b3c1
-
Filesize
116B
MD5c83239613245411ebd5416fe69629720
SHA1e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337
SHA256a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1
SHA512f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528
-
Filesize
174B
MD59936bebab9c4e0e2aac7dceffc42dbac
SHA1c1d2b8ceed49c904db7f174e06cc4e8ef851a87b
SHA256ee730918e759544d7d087fe0b2e0aee12145ec36ecd4f4aced4336d85503a124
SHA51216a5da57970c1d9b0e00bd8ac21ad53260b48db7b7b8bdb1953c625e8b6a9a132afa53fcb835163b73fe6a5dae40aa5ddffda9a11f42e8942c07b180363f2ff0
-
Filesize
127B
MD5252e14c85c8b8288fda93614891308eb
SHA1636d352077cab476c805fac2bc4ff58d83a14b99
SHA256cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b
SHA5127c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b
-
Filesize
126B
MD52cdaffaec77db6248825896e5c424893
SHA1fc8df8ddc7811bfcf8f426dce0316c7eb6366b69
SHA2566217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961
SHA512387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e
-
Filesize
103B
MD5eebb8da8e062bd685542bffe0bb94e74
SHA175faddb50b83eae36988c1e3eab075fe8d5a3415
SHA256ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18
SHA5128a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa
-
Filesize
125B
MD5d39c2a872b313f71c47f6bef8a44b425
SHA1fb0b1e55ba114f0ec0856cec44934c692690e487
SHA25684f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae
SHA512b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a
-
Filesize
237B
MD55820be439cefffd5c43ef88e5010bff1
SHA1a11485b468e5bd93fdf0a92dca333c445f6a6622
SHA256b3ea591369dcce118c113e1a7ceecd35939635ca34a39cbdd6339fc115917da6
SHA51273d0671121fab956b0d4d1038cbcb4b5a252735602b56c9776586820d5c075fb1ab0c34c52bd234a54bac24f36c4764ce99e6c1108b5076455dcb7f7933e5da0
-
Filesize
4KB
MD5d24f1b829d1bd197e157b12d19c220e9
SHA1555274f63e5b6ddbbd548179754fd0b2cbddf888
SHA25658065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8
SHA51255c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc
-
Filesize
277B
MD5ffa71ddf24610259d8aa3bfb7d8e63f7
SHA1920790a5a05331e0e0b706939a5e89c49add74ad
SHA256381eb3b431372d6d5751bf4b31c106debac7c9708f7e13718892f66fa44b5fee
SHA5129f6802f82c13109f87aeccfe59a97bcf50905e6edecef217f79cf9d7b5910dcfed83134b86d3ff4634be987994383de7bf1a14e3b74897fd15a633c5fe98934f
-
Filesize
300B
MD515d87e7d3a076809b8661affd0937d2c
SHA17f00a7e9098f1659a4f397ed5491a974ebf83682
SHA2566f67c1a824120141ae4c78c75af15dfa3e912b4a8695dd3ba2892a5cabd9202e
SHA5126f76d5323d0b9da8ae7c5c8dfe6cad91a27bd1c16ca09635497a636119835224d16b1d51b1c8397929d335266574fe1da3896330d44acf9e284befe7acba42f9
-
Filesize
312B
MD5021dc543fee532ac327dfb5fe61e54d1
SHA190933f500bb7a31def67d130a172c2cff54e149d
SHA25670c3d27415a012d0911e3a25266372d914f014999410f31f64fc0af5646e66f1
SHA512570ca9609f4aeda9c489d05d9410b1426e53fd1d6528db803810b4f85f1d5c1ed2b230cbb24cfc015e7656f9c1b88dfb8c5a66c5712a87bd03ad7f482806c8d3
-
Filesize
1KB
MD50a2b0f241ed94f1ed51c524a9c06534f
SHA1c174f717a3ee3542f40c4969d6ac9bbb85741598
SHA256ec11218d0551d178f4a7a32ef4ada28d0d7b9b985636721046a14f61800d8065
SHA51237b3e34ffc87ce2ac7862f4d65ebc2703fa61d0bc272725e3aff088904c528fd1bc14f7438bed03275b3cb9f02ae06ef71ef9ec6cc2ddce04b148e69d6ae7c60
-
Filesize
1KB
MD55f5beb31d0f91841b7ed61db9a80c5be
SHA169dc977e5c3ecaa0eabeea5560159ac53b9771a3
SHA2566311d74b4b8e1beebb916bf0aa57394d5d9f1c0f7e53fbe1135bfb5381098b6a
SHA512d5de9b6916c52e6b40c6329e63d086b15be6f2f564d035cbc02763ee4c5ae8de2031e00f96a540b86971dd76c372111290a8ef66df6d232b0525650c46c66683
-
Filesize
1KB
MD557ae85ae2e8fb837cc47e7855f232e63
SHA1ffef8753c5fb108f20c439b4358871863d859d50
SHA256e07060ee9a7158084d23223280a70b7a7394b0d84ddeec21412b78f562335b66
SHA512dd33f02ac59ee004947348346b24c5ee1f43999a9f7c6651291d1934d3103506b4894e7e1c414067afcb1fda94534c7ed39444df20a017efce824b617d98e52e
-
Filesize
3KB
MD519317e53db3ba1d069f2ad7d7230372a
SHA186bd5e0504a1d147654eaaef56af96b373e5309c
SHA256b13ba8e09bfbd4c621301ee368a3033e7d3ca6dc3199cd50128065c032e0bfc2
SHA5125602ab29c220aef9072ca948227c612a5435539522f0bc229dc38aa82b092085960c57d37b53a077ae2fe1efca59f00f40affdf41e733ad0dfafb0ca301aa5d7
-
Filesize
3KB
MD5f0b5fc47d0783adc32c685f60751f4b8
SHA1284755b6fa14265f52032b0ef111f20a1e4c20ae
SHA256c6b4b9facafdd5c2540f1504286c0a84ab83368c592b98e02e981d3edcfefc2e
SHA512b2eb51d7ea89483e1c37069a58a88151731ec04b23ad09905a88ac4653ea64f104aea0fce7ca8201e2f2631d189b3e5fdb8d6050bef6f61d801c3a2898812d4a
-
Filesize
3KB
MD5da0af5b40e40aaf311613519dd56433f
SHA1e5cbe67d65c0a08808932efef518fce886d8226d
SHA25660c6e8d135f0c01daae4c171b82b3d17422088095407edc5b02e8970e6059001
SHA5124a5089179d4c27e4a44f46fd8cb3a0cbe1e1eeb882eb96363986301faacecc6c51fa663d054349f573c6c9a650eeffb9619a811ee07fd8acb240df30656c52c1