fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
02-06-2024 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winamp_latest_full.exe
Size

12.4MB
MD5

39b72e2cbf2fb8da961538de3e892eba
SHA1

237ce8611cb8e2ede8a5d6b982597f7e93b2cd81
SHA256

fa09d24d7481dbdfc1cff6aaa92d2aec908e037a22a02346f6feeee5d6ba688e
SHA512

36e8b9d759d960390e8f1b4ac420d591204cb95a776be668db365c453cb702cadee9b34c03779044fdc04c2d2929ac542e01bba50094f8352e2724a082611b59
SSDEEP

393216:udNH1gz1+ZUUG9NWpHYV6ohIBfqHts7UU2wP3:udZk1vUG964V6ysUs7U/u3

Score

8^/10

discovery evasion

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 4 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exenetsh.exenetsh.exe

pid process

3240 netsh.exe
1908 netsh.exe
4508 netsh.exe
2120 netsh.exe
Executes dropped EXE 3 IoCs

Processes:

elevator.exewinamp.exewinamp.exe

pid process

4948 elevator.exe
2592 winamp.exe
6056 winamp.exe

pid	process
3240	netsh.exe
1908	netsh.exe
4508	netsh.exe
2120	netsh.exe

pid	process
4948	elevator.exe
2592	winamp.exe
6056	winamp.exe

Loads dropped DLL 64 IoCs

Processes:

winamp_latest_full.exerundll32.exewinamp.exe

pid	process
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
4964	winamp_latest_full.exe
3876	rundll32.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe
2592	winamp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

winamp.exe

description ioc process

File opened (read-only) \??\D: winamp.exe

description	ioc	process
File opened (read-only)	\??\D:	winamp.exe

Drops file in Program Files directory 64 IoCs

Processes:

winamp_latest_full.exe

description	ioc	process
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rozzor & Aderrasi - Canon.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\Eo.S. - glowsticks v2 05 and proton lights (+Krash's beat code) _Phat_remix03 madhatter_v2.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\scripts\syncbutton.maki	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Brakefreak-bitcore tweak.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Idiot - Star Of Annon.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\beat_l2.png	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Phat_Zylot_Eo.S. Trippy_rotation_v2_sector_mix_alt_colours.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - golden mirror.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\mig - Slyde - Tri.avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Hexcollie, Flexi, ORB, Eo.S. n DaNOnE - Pineal Massage [5 minute composite quickshot].milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Fireworks Sparkle.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\shifter - digi.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\S_KuPeRS - Arctic Rainbow.avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\UnConeD - Zero-G Maze II.avs	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & bdrv + fiSHbRAiN + flexi + Geiss + shifter - Starcraft (Hyperion RMX V3).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. + Phat - vacuum deity watching you.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\Esotic & Rozzor - Pixie Party Light ((No Wave Invasion) Mandala Chill Red Yellow Mix).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - low res delay.sps	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\button_config_drawer.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Tripmaker.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rozzor - Learning Curve (Invert Tweak).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\affected\martin - mucus cervix.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\lone - Gold shower 3D (justinmod).avs	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. - dark side of the moon (plus a few more hits and a pill).milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - Lights in the Sky.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Phat_Zylot_Eo.S. spiral_Movements_Beatle.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & Boz + Eo.S + Geiss + Phat + Rovastar + Zylot - Machine Code [Jelly].milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\historyeditbox\historyeditbox.maki	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\window\aol_radio_alb_art.jpg	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - LSD Zoomtunnel.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\textures\cells.jpg	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\xml\player.xml	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Dark Omen.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Unchained - ReAwoke.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Fvese - The Tunnel (Final Stage Mix).milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin + suksma + fed + goody and others - blarfff [Zebra puke mash-up by Stahlregen].milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\data\include.fx	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - musicogenic epilepsy.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\window\scrollbars.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\window\menu_help.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\Tuggummi - Magma Flow II.avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Unchained - Unified Drag 2 (Ghostly Vision Mix).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\el-vis - soundscape III (skupers remix).avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\justin - newpoop (for wa5).avs	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Acid Cycle Gas Giant.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Contortion (Escher's Tunnel Mix).milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Harlequin's & Jester's Dual Delight (Chaotic Nightmare Mix).milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\DSP_SPS\justin - huge massive speederupper.sps	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\shufflerepeat_led.png	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\AVS\Winamp 5 Picks\Duo - Alien Heart.avs	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\browser\browser.maki	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\scripts\simplemaximize.maki	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Phat_Eo.S. Eyes_spiral_mix.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - the distant point between.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\cope - the drain to heaven.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\System\h264.w5s	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\scripts\mainmenuoverlay.maki	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S.+Phat - Flare_dig_mix.milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - smashing fractals [acid etching mix].milk	winamp_latest_full.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Temporal Rift.milk	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\components.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Skins\Bento\xml\notifier-elements.xml	winamp_latest_full.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - deep blue.milk	winamp_latest_full.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies registry class 64 IoCs

Processes:

winamp.execontrol.exewinamp_latest_full.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\DefaultIcon	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.W64	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RF64\shell\ListBookmark\ = "Add to Winamp's &Bookmark list"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WOW\shell\Play\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.m3u8	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WEBM\ = "WebM Video"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.paf\ = "Winamp.File.PAF"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4V\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.HTK\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SWF\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\.m3u\Content Type = "audio/x-mpegurl"	winamp.exe
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VOC\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FAR\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.J2B\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.GDM\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\.aac\ = "Winamp.File.AAC"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DMF\shell\Enqueue\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.UMX\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.C67\shell\Enqueue\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NST\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PSM\ = "Epic Megagames MASI"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\ = "Un4seen MO3"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PVF\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AU\shell\ListBookmark\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NST\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\shell	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MO3\shell\Play\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMV\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STK\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\ = "Compressed ProTracker"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cda\ = "Winamp.File.CDA"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FMT\ = "FM Tracker"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UNSV\ = "URL: Ultravox Protocol"	winamp_latest_full.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AAC\shell\open\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\shell\Play	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.STM\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.ULT\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PTM\shell\Play\ = "&Play in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP1\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.DBM\shell\Play\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WOW\shell\Play\ = "&Play in Winamp"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\DefaultIcon	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MAT\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AIFF\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RF64\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\shell\open\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AIFF\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\ = "Microsoft Wave Sound Format"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\shell\open\	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File\shell\ListBookmark\ = "Add to Winamp's &Bookmark list"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RAW\shell\ = "Play"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MID\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDR\DefaultIcon	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPG\shell\Play\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMA\shell\Play	winamp.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

winamp.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	winamp.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	winamp.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	winamp.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	winamp.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

ping.exe

pid process

3024 ping.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

6000 msedge.exe
6000 msedge.exe
1208 msedge.exe
1208 msedge.exe
1492 msedge.exe
1492 msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

winamp.exe

pid process

6056 winamp.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

msedge.exe

pid process

1208 msedge.exe
1208 msedge.exe
1208 msedge.exe
1208 msedge.exe
1208 msedge.exe

pid	process
3024	ping.exe

pid	process
6000	msedge.exe
6000	msedge.exe
1208	msedge.exe
1208	msedge.exe
1492	msedge.exe
1492	msedge.exe

pid	process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXEcontrol.exe

description	pid	process
Token: 33	4392	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4392	AUDIODG.EXE
Token: SeShutdownPrivilege	1436	control.exe
Token: SeCreatePagefilePrivilege	1436	control.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

winamp.exehelppane.exemsedge.exe

pid	process
6056	winamp.exe
6056	winamp.exe
6056	winamp.exe
6056	winamp.exe
6056	winamp.exe
3916	helppane.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

winamp.exemsedge.exe

pid	process
6056	winamp.exe
6056	winamp.exe
6056	winamp.exe
6056	winamp.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

winamp.exehelppane.exe

pid process

6056 winamp.exe
3916 helppane.exe
3916 helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

winamp_latest_full.exewinamp.exehelppane.exemsedge.exe

description	pid	process	target process
PID 4964 wrote to memory of 4948	4964	winamp_latest_full.exe	elevator.exe
PID 4964 wrote to memory of 4948	4964	winamp_latest_full.exe	elevator.exe
PID 4964 wrote to memory of 4948	4964	winamp_latest_full.exe	elevator.exe
PID 4964 wrote to memory of 3240	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 3240	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 3240	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 1908	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 1908	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 1908	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 4508	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 4508	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 4508	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 2120	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 2120	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 2120	4964	winamp_latest_full.exe	netsh.exe
PID 4964 wrote to memory of 3024	4964	winamp_latest_full.exe	ping.exe
PID 4964 wrote to memory of 3024	4964	winamp_latest_full.exe	ping.exe
PID 4964 wrote to memory of 3024	4964	winamp_latest_full.exe	ping.exe
PID 4964 wrote to memory of 3876	4964	winamp_latest_full.exe	rundll32.exe
PID 4964 wrote to memory of 3876	4964	winamp_latest_full.exe	rundll32.exe
PID 4964 wrote to memory of 3876	4964	winamp_latest_full.exe	rundll32.exe
PID 2592 wrote to memory of 6056	2592	winamp.exe	winamp.exe
PID 2592 wrote to memory of 6056	2592	winamp.exe	winamp.exe
PID 2592 wrote to memory of 6056	2592	winamp.exe	winamp.exe
PID 3916 wrote to memory of 1208	3916	helppane.exe	msedge.exe
PID 3916 wrote to memory of 1208	3916	helppane.exe	msedge.exe
PID 1208 wrote to memory of 3076	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 3076	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe
PID 1208 wrote to memory of 5980	1208	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe
"C:\Users\Admin\AppData\Local\Temp\winamp_latest_full.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4964

C:\Program Files (x86)\Winamp\elevator.exe
"C:\Program Files (x86)\Winamp\elevator.exe" /RegServer
2⤵
- Executes dropped EXE
PID:4948

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
2⤵
- Modifies Windows Firewall
PID:3240

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
2⤵
- Modifies Windows Firewall
PID:1908

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
2⤵
- Modifies Windows Firewall
PID:4508

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
2⤵
- Modifies Windows Firewall
PID:2120

C:\Windows\SysWOW64\ping.exe
ping -n 1 -w 400 www.google.com
2⤵
- Runs ping.exe
PID:3024

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Program Files (x86)\Winamp\winamp.exe" "/NEW /REG=S" "C:\Program Files (x86)\Winamp" 1
2⤵
- Loads dropped DLL
PID:3876

C:\Program Files (x86)\Winamp\winamp.exe
"C:\Program Files (x86)\Winamp\winamp.exe" /NEW /REG=S
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2592

C:\Program Files (x86)\Winamp\winamp.exe
"C:\Program Files (x86)\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u8
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4392

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1436

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3500

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1536

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528882
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8767c3cb8,0x7ff8767c3cc8,0x7ff8767c3cd8
3⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
3⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
3⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
3⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
3⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
3⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
3⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3420 /prefetch:8
3⤵
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5284 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3054529775780716989,8566047604310829049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
3⤵
PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Winamp\Components\ssdp.w6c

Filesize
31KB

MD5
80e53207d1f5f684b098bf70b66c34b1

SHA1
848367ff79a68319c9211abfae289a3802a809f6

SHA256
dd55372e906699c3e35f02313736f74a13d1e526d0b9620cadb70d57e530af63

SHA512
cd7e0b59a2eb0ccf164e958e758d53646dd6a229a67cb37e2d524fb36d19116117b7390a368bc47043faf407d788e839aee20f501b7c90d367515acdf65690ac

Download Submit
C:\Program Files (x86)\Winamp\Elevator.exe

Filesize
97KB

MD5
59803a5bb88b88a6d83342eeb3816ad9

SHA1
cafa43cacd584deb0d54ac31ae9030f90455c6b7

SHA256
a8e9655510906994fdef3993bebabf0a5e0b6604f02c0ccc28fd31be3aa684bf

SHA512
85038570bb2fb39e7ee8994ccb3f8f9203c0d8360fea889d238c13b3b49a7ab85488edd01d3ec7e37288ffbd0db7e84cfe0353e199289a854311d27990cb9eea

Download Submit
C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

Filesize
57KB

MD5
e52a7ef27aa85d2d763a47a0e3d0ec49

SHA1
918c0487e0798e9f16a2c8cab659b113eca57f65

SHA256
7c2d2c9db724b7ac4fa17b871c741182be0dab51f89b75a8d114d9d6d95b09fc

SHA512
7fd1bb7e2edb029b2853d64e5443213d0d8abb1aa97bf5c92ebde1ee3a42248867b998a89da657cd140fa68e98a1b961647362b049bac494f0a4032fe9024cc8

Download Submit
C:\Program Files (x86)\Winamp\Shared\ElevatorPS.dll

Filesize
23KB

MD5
7606a37c850c2ce121e74f09a131b9dc

SHA1
0c30b33ec6af5f9a0c32bb09d21d9739614ca863

SHA256
f3726029b19b5eb9e4a6ff2128bcdb945bfcc81c783cbfb6a087a973d9e002bb

SHA512
ed984e39cffac82d9f919ebd5d0dc05fcd3c487244d6a54964892d1be9670e5d5531ab6c0cab74ccf8bb0a9b59e8775f0aaedacc877d24cb70e51e33def30ae7

Download Submit
C:\Program Files (x86)\Winamp\Shared\jnetlib.dll

Filesize
2.4MB

MD5
0e1d9c1b1d067ca068a120258d56f10b

SHA1
3f2f1354261a9de037bd83021a6fe2be024f371c

SHA256
df0e962303ee3a276e342d2a8c022fa756db6b6c93f680171b165c22feb70521

SHA512
66be377de7eeeb09dd4197882aced2486d411082b428f91a074322bcaff61d10223e4d842367f9c42679c74e3601657e3d95b73d610d868c22b9272067e66c2b

Download Submit
C:\Program Files (x86)\Winamp\Shared\libmp4v2.dll

Filesize
196KB

MD5
94ac898b7a10067e78d714849b5742a5

SHA1
9f6a171c27f1bf34f6d005879891ebf67e6cb283

SHA256
0dd4c133afdfe6f2e6d5e00ef7fd5494da1eb7cf7e2c5d9832803e90af9d75e8

SHA512
87cc90a0144e534a601467c02865573fd537ecc05c9154a38eaf00d2b2e5ae605a420c08b41df8c8638041e2c364aeb7d566f3074717388d51d361e95911fb77

Download Submit
C:\Program Files (x86)\Winamp\Shared\nde.dll

Filesize
85KB

MD5
7ef49a648488189e84785031e5233980

SHA1
fcdb8d02a04a664afbc901aef516d4bde9cc48f3

SHA256
1f856e87de95f73f6e7848473c62cb9868ec70a0d01686f56a9bbedceb89170f

SHA512
98c379ec0e538e7d92c93d374b4b3f7da8c282a4b4865c82b1626abccadfb5d13b458d15af6260ec8d644e9d2a8ab596f270f274bfe61e289bd5a9e37e424b02

Download Submit
C:\Program Files (x86)\Winamp\Shared\nsutil.dll

Filesize
420KB

MD5
0e87445c382776b590b6898ec3e4e0f4

SHA1
5770be505b48c73bd5fabd108c21c6728efb570e

SHA256
cd614597bd78bcfdb3d9d5dd1f7462a85d5a1f4b01ac479666d9b1516bccf137

SHA512
c9da42f43c922406f06b90763ad6302053e9a4d8eb00fb1c74f652aacc5a43eb9b1c713c8130b6c009222db4fce3ba662408749928316f1fe65dea847cff092f

Download Submit
C:\Program Files (x86)\Winamp\Shared\nxlite.dll

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\Winamp\Shared\nxlite.dll

Filesize
78KB

MD5
0eb8f691e53a5ecf93b14d8d6c72e6ce

SHA1
2b40b27c1668791a146978e861005bc9095a66a1

SHA256
7cd7679b154f7d40f22d37b02e8aed2a694a2c23c997ba1cd1e4ead21164939e

SHA512
9efc89c2512e4bac51142ad3e34e10755ded7b055d93eb44a44abb7f4ef0822e4eab039237d7238cce007f56a447e1986de13febb0623839b7c065a4b1377367

Download Submit
C:\Program Files (x86)\Winamp\System\aacdec.w5s

Filesize
37KB

MD5
3f22364b04bdd95b5bb6193c993049ca

SHA1
fdf195aeb9c9b624f766cb9a11bc0d8e1f20d5d9

SHA256
772373cbb9e6da051368248bb8a73e11ae7aa232860861933b92e97d15c305ec

SHA512
04aceef8ad8fc0823183e9e187ab65f69c7a435bb6d69542cbb7e1208ec11ff8f1fff09ddd6e3f0d0a9246c8b42faba4b2f009bc4368742ef0b8b042bd6c1382

Download Submit
C:\Program Files (x86)\Winamp\System\adpcm.w5s

Filesize
30KB

MD5
63fbcc000aa4d0d75c569e4279eb29bf

SHA1
4e5909b204e7b383981104bd2b2b4a68f392374c

SHA256
d454db3897b4b7e85110875999a6c4594e875b3b86644e71661884296cdc5217

SHA512
286a6c2a1566734ac9438656053b85bbfd1c4a842ff3fc70e58e2fe2a661de96c3ecdfc09908756125a24016c255ec97e821cfb77c029bb9379fc217d21c02c7

Download Submit
C:\Program Files (x86)\Winamp\System\alac.w5s

Filesize
36KB

MD5
9cd27176dfd77f682b074bf9dac1736a

SHA1
e82e2910c2b3451637a03d21ecb61f6f1de49559

SHA256
8df472ca07447a30326107dc21f5fd5448a62a71d5c53a6fc87cecf77fcc4e44

SHA512
c142e23739cc8797634072cd0912080a22c83ca0feddf7514ab2e031008c411de118ca8e1127601031b5ab8c5eb215f5a8fb5523a92498c727ed122601519372

Download Submit
C:\Program Files (x86)\Winamp\System\albumart.w5s

Filesize
38KB

MD5
d7af4c04092842e5b4994ebed8bd05ca

SHA1
391add7a9bb2fe52da52e436b8f9c3c4546ab9d3

SHA256
c68698231754f25e069ca761d497b3c683f8166a81da076d33fc6d7489ac3769

SHA512
d02ca853abf9006c5760fc9e447633201c1d3e00b997aa75eaece259b42ff2dfa3cd4e63a87e4ecce97ccf45e2d2c0dff90d3f310d4e53de9d4d1cf32fa8b4ff

Download Submit
C:\Program Files (x86)\Winamp\System\bmp.w5s

Filesize
56KB

MD5
076b8084cb144b8e395dea3d3191a414

SHA1
72015b308c80a5955e68d256748af263c5edeecd

SHA256
91a1c75cd2a4cdc4a19f15e8061084ddbd9cf0fb2b03cad6d85b568254f58585

SHA512
7b960d176780e558e152c33a0897dd4f3aa5e3fe8fbfcc64eaf73785f53edcb96ff2143b2ca58499c98ac20f6c4484e6110b1880f2cf84cc5902a4607d505eea

Download Submit
C:\Program Files (x86)\Winamp\System\devices.w5s

Filesize
51KB

MD5
86f1ec62db6e736f27d9a2732115f81e

SHA1
79a3e2f46db95b55e2c7afa5411dbdb9ba92285a

SHA256
a3df6c40e8cf6f2765cd1bc446bb16aae858407656c7239b920d0dedd135d049

SHA512
5f00a464e77da7dc731e41ab29215251355a71552de99c88e8e4b294890f2837f9008ee14be3fb1c2eade3ff3917172a8ced997852813c4c834ffb8fa758daf1

Download Submit
C:\Program Files (x86)\Winamp\System\f263.w5s

Filesize
45KB

MD5
56f562aa73a4c3bfc542c43f27e62275

SHA1
d5f4f448d58789b7140e06d7d401073931db9612

SHA256
1b18b6a3c03eb26eb89a2c5f0e552090a7073fe6db553622005081cc12b20bdc

SHA512
13da391b91d52197fd68c8a9f86db4a0ba0a60d3da7a95f7de0366d7e9309492c0a676482075aa561cde1baebfba1d8e32f390cfdbc9a456d55983207f10739d

Download Submit
C:\Program Files (x86)\Winamp\System\filereader.w5s

Filesize
30KB

MD5
05fe16de167a516089ef3e96ad03f77d

SHA1
c64357d9bfc7398110024cb13860d23d136b3a03

SHA256
47ae2faa3fd9a92df816e43fe36dee412a1a95adc9c547f2bf4b54a3d1fb024c

SHA512
ad038ec5006bd3b8abf6a81ec851096fcc6a480fdbbff6c1f5271b8dc734c047b746521ee2ddf66ae4f914c943ab1db225b05b84481917f5f5b5f8808614f491

Download Submit
C:\Program Files (x86)\Winamp\System\gif.w5s

Filesize
35KB

MD5
7f85166b45e3835e9fe933408795b1dd

SHA1
65c400fb3528c64f2e85d651f7dcad3acda0e95a

SHA256
43f9cb8257a7f482f9039e8c4b86b15b5d5d03061e647ce75e2a95cd7386aede

SHA512
d5009021d2a208eb51754a1ca77cb591b9618a7cd577bde5551d2a3133ad3a4271cf46cb8362109652c9ae10d3f2abcbc2029d9e9c35c0caff151095778dbcd3

Download Submit
C:\Program Files (x86)\Winamp\System\h264.w5s

Filesize
45KB

MD5
66f906268252787285b860f8dc0cd68b

SHA1
adbb65e3e28438896cb97fa1aa7a48e41eba44b4

SHA256
2141213600d7d2c9a12d98a324c8381ab7be8792ba57b7b6e68770adb1f40813

SHA512
0be66230cdb767d9c0b2e91503160a3be43b036e653da68ca748d103346cd121ca29890dd9fa986cdb61ffd7815633ec85a6dd4a322c31f9783ef0ab34f64f0f

Download Submit
C:\Program Files (x86)\Winamp\System\wasabi2.w5s

Filesize
51KB

MD5
e64e27195d6c298276d518c3bdbfdc9e

SHA1
ecb372039808d0d4aad7a5594e71ccc36291f124

SHA256
2fcefbca651857ec1eddbc3e582bc5aec40277dd4c00118290ac934a4a6eb09c

SHA512
9139052d756c1553196c3d00fb534fd33fcdddde3e4e6292af9a6acc9eb2dc6fb48b47db2e3f25a59852ce68d1dbda05ffcabed777471ba9c2de8964156e8346

Download Submit
C:\Program Files (x86)\Winamp\paths.ini

Filesize
30B

MD5
8ad85a252352aa655f18d1b9300667b1

SHA1
5d2939f3b6c29739303f2caa4560d1f5376309c6

SHA256
fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c

SHA512
aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525

Download Submit
C:\Program Files (x86)\Winamp\winamp.exe

Filesize
2.3MB

MD5
ebebc6e8f41e6c04dd661a14761d75d9

SHA1
9762e726a682f54bd9606bf08867a6206a1a39f7

SHA256
addf561fcdc496c1318ddc3586352aa7f6c1feb684a9e8ffa285409beac5b446

SHA512
9493e6576fe94e4ee8aacbf10389acc21a0298eea07217c53fbfe6b87ba2dd010c9f0081c5574ac3e896720e7e9b4683adb2dcaba4231c6a9fbb738181081c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf78db836c96a415420fd4fb869296b2

SHA1
ac874a1ae2d6db5744cd049f6679f58d8db89904

SHA256
813cd1d3be88ead7ad2ed6a829d49f6904c96675afe32fbe582eb82a0084f956

SHA512
3f032d29cc35745ca89e7546820c12fa16c42f9b4447b9b72594fd331467a2e14e3f726ace2c1987447f95acf589e2856db9b1970155cfb1b8358c7b1bcc64f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\Dialer.dll

Filesize
3KB

MD5
adea8024c99d7802fa3c9e5d34877aad

SHA1
4e015a5be3e668aa3e9758370413f2bb8ec5ad1a

SHA256
242b6aeb759e31b64e014e3df6b5c478fb309d56b4df8cdb59b2cd03bfa77db2

SHA512
717a9f08842e96e9395fe8fff19138d7e599e3dd4f44b7b55d9be86211f20cd89a1d315df1f241afc52456da738623401ee721b17e9fd5949fe1decfc1b2819d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\install.ini

Filesize
1KB

MD5
61a5ccb617f6584ca056e4448794dd68

SHA1
202986111bbb3c7e5e610e826f3e109bd28bec38

SHA256
4604ba98f35edbe82697103abc7ef76e91be57fa57c396337c073f710e51adde

SHA512
7b061b530da1c34a9ce334883308451f97871da3dca3ff27cdb4797749b41103dbcbec44ba91381b268c74ee644de99705fe2cbc750e958f4d675172312783c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\install.ini

Filesize
26B

MD5
385081d5feee87a4ed1a6e5dcee85f36

SHA1
8517162855b477e5498e95ff2e82584ef06d5c6d

SHA256
bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc

SHA512
52bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\modern-wizard.bmp

Filesize
150KB

MD5
2d63e33fa1cf672338a22c88fa45e6a0

SHA1
86c510009d6c71d05eb2707fe6a10039df525192

SHA256
7ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292

SHA512
d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\nsis_winamp.dll

Filesize
4KB

MD5
1e1ded1cf1c69852f2074693459fb3b5

SHA1
81b165cae4d38a98760131989fdd8aed2c918679

SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss6728.tmp\nsisdl.dll

Filesize
15KB

MD5
ee68463fed225c5c98d800bdbd205598

SHA1
306364af624de3028e2078c4d8c234fa497bd723

SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

Filesize
884B

MD5
34596887db65b4d559bd92adbbd58eb3

SHA1
a610a496b41bc38bdb43e04b64c1e8ee2703fb8d

SHA256
b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566

SHA512
115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
85B

MD5
661f2206ac253963428371f575ce29e2

SHA1
a3ae20abb92b0a39f5be0e48387ff36c878d8999

SHA256
5eddd08dbbbb3f45bdbd18c5cb621e1d8b4f88961a51b25fb61c972887a20bae

SHA512
49a4ab478e326a5b820399c64169cf1a28bc1c7f00cc3a3c5b34b3e5f0553527087c4bd43eb2b4244202186f47e5ea969bf962290ce338f0e28b974d2af6d767

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
d846f709a205bdb235e144f961ae5299

SHA1
05b169eeb4318d06e91b31fc0f3b0d8f505fa782

SHA256
f1bc01512ae6a9200c0e860448ade89d2bd0e2e589a60c29dd20af699cce16cb

SHA512
4eddb8461d9b666c32de592bbb07c9ea23670740e7744f1817f26f705bdb2a237d172fdfc63a2caa9e81bdee664b246213e57d95b64edf4f515001d5202bce8a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
e66b2995ad3850395763bed538f1c28d

SHA1
fc525c8062cab17ad4ef9bd0995f779c15aae432

SHA256
7bf44fb6be61cc6879fb790b980a9a5fc9ec9cb6d5055f2501f91e6af4b8d8c2

SHA512
9ee5c08f64ee815b43ae8d26d7eceea4e5d6ef59ff9ae3a05944443b8d0a410bdb30dc6fa0a74045222870c71e3312bced3487c3cd6e023fb57830a640ac633d

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
9b9782842ac80affd39fc1bc48d3a6b8

SHA1
1b6f44ca49376827f905b7f4b9664862c6479a0e

SHA256
c3990bc1aa3314b93cd9ebebd2332c7dca486a87b35e0fd1d2089ffe38643db7

SHA512
fc768dbef466ad6654c8475f1fc1580390d7c7dccbe841abfdb32727ddc34f920fb314e270207430ac661fef05e47c13dfe9b706b64ec7458e1e5808ff485385

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini

Filesize
55B

MD5
bbcf35393be345b9cdeab142e9060a71

SHA1
05daaa9680f1d988ca2d51ce5f0cb02919eb8306

SHA256
c20012fd3f83b08f5bcedf2530e803edf15fbdc1e3ec2d3c537fb4774ef21e8c

SHA512
e97b20dee3a0b2ade77c2205fc6199ece2ccf9bd754352a7d3fb11e9a585fb98e6e5c98a78ec158a3fdd7edc49696bab185523d3a3e9f9665394cb6051e80259

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.n3w000017A8

Filesize
466B

MD5
2c4cb9b8528ee610caf77b7ce5c2fdd4

SHA1
b02da5d8937840dfa75fe9b674ef11b7b82a56a9

SHA256
25ca943240faa76cee893385b5c763a965e437c73d3f441ab942df220a9e39eb

SHA512
8049d924143be7e3fb5f80003a77903c453a1b864ac21a4f9173bf4f0327d8d50a87ca5d90cf53254586ba4a4602ec22e9e0fa7bba092bdb250d8796bb66867e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.o1d000017A8

Filesize
8B

MD5
76a66845f666c52790c3442f7e1a491a

SHA1
e392a609d9dc81fab060d8aece449fe616a40053

SHA256
101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a

SHA512
71a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
68B

MD5
d39305c16a773b222871032c4148600e

SHA1
196b2a21dabfd3d001e2c79f3fdc7c411c4ca261

SHA256
01786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29

SHA512
bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx.o1d000017A8

Filesize
32B

MD5
137faa0c3baa69f733eaadb966b64ade

SHA1
a55982685efc19bb0afffa2eb1f3750241480eb8

SHA256
9cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181

SHA512
b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met8373.vmd

Filesize
910B

MD5
fa6b6eaa81a2662b8c45b126727ea832

SHA1
6087f9505d21819ed2f656517a0a13664aeead2b

SHA256
370be262ff415bed2a40f450f69dfce660e3e635af0924dca0c1f118e489c046

SHA512
f26688d6236021172c0f2d001e5636f018fef9ba7c7fadf688bd78fb1f9633c766cdf9ff2581997bc7af8a5ffd92da19cba699a46a64a555ccc0e7e57bd7b3c1

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met8383.vmd

Filesize
116B

MD5
c83239613245411ebd5416fe69629720

SHA1
e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337

SHA256
a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1

SHA512
f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met9345.vmd

Filesize
174B

MD5
9936bebab9c4e0e2aac7dceffc42dbac

SHA1
c1d2b8ceed49c904db7f174e06cc4e8ef851a87b

SHA256
ee730918e759544d7d087fe0b2e0aee12145ec36ecd4f4aced4336d85503a124

SHA512
16a5da57970c1d9b0e00bd8ac21ad53260b48db7b7b8bdb1953c625e8b6a9a132afa53fcb835163b73fe6a5dae40aa5ddffda9a11f42e8942c07b180363f2ff0

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met9355.vmd

Filesize
127B

MD5
252e14c85c8b8288fda93614891308eb

SHA1
636d352077cab476c805fac2bc4ff58d83a14b99

SHA256
cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b

SHA512
7c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metA317.vmd

Filesize
126B

MD5
2cdaffaec77db6248825896e5c424893

SHA1
fc8df8ddc7811bfcf8f426dce0316c7eb6366b69

SHA256
6217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961

SHA512
387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metA327.vmd

Filesize
103B

MD5
eebb8da8e062bd685542bffe0bb94e74

SHA1
75faddb50b83eae36988c1e3eab075fe8d5a3415

SHA256
ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18

SHA512
8a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metB2F9.vmd

Filesize
125B

MD5
d39c2a872b313f71c47f6bef8a44b425

SHA1
fb0b1e55ba114f0ec0856cec44934c692690e487

SHA256
84f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae

SHA512
b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.ini

Filesize
237B

MD5
5820be439cefffd5c43ef88e5010bff1

SHA1
a11485b468e5bd93fdf0a92dca333c445f6a6622

SHA256
b3ea591369dcce118c113e1a7ceecd35939635ca34a39cbdd6339fc115917da6

SHA512
73d0671121fab956b0d4d1038cbcb4b5a252735602b56c9776586820d5c075fb1ab0c34c52bd234a54bac24f36c4764ce99e6c1108b5076455dcb7f7933e5da0

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.q1

Filesize
4KB

MD5
d24f1b829d1bd197e157b12d19c220e9

SHA1
555274f63e5b6ddbbd548179754fd0b2cbddf888

SHA256
58065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8

SHA512
55c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
277B

MD5
ffa71ddf24610259d8aa3bfb7d8e63f7

SHA1
920790a5a05331e0e0b706939a5e89c49add74ad

SHA256
381eb3b431372d6d5751bf4b31c106debac7c9708f7e13718892f66fa44b5fee

SHA512
9f6802f82c13109f87aeccfe59a97bcf50905e6edecef217f79cf9d7b5910dcfed83134b86d3ff4634be987994383de7bf1a14e3b74897fd15a633c5fe98934f

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
300B

MD5
15d87e7d3a076809b8661affd0937d2c

SHA1
7f00a7e9098f1659a4f397ed5491a974ebf83682

SHA256
6f67c1a824120141ae4c78c75af15dfa3e912b4a8695dd3ba2892a5cabd9202e

SHA512
6f76d5323d0b9da8ae7c5c8dfe6cad91a27bd1c16ca09635497a636119835224d16b1d51b1c8397929d335266574fe1da3896330d44acf9e284befe7acba42f9

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
312B

MD5
021dc543fee532ac327dfb5fe61e54d1

SHA1
90933f500bb7a31def67d130a172c2cff54e149d

SHA256
70c3d27415a012d0911e3a25266372d914f014999410f31f64fc0af5646e66f1

SHA512
570ca9609f4aeda9c489d05d9410b1426e53fd1d6528db803810b4f85f1d5c1ed2b230cbb24cfc015e7656f9c1b88dfb8c5a66c5712a87bd03ad7f482806c8d3

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
0a2b0f241ed94f1ed51c524a9c06534f

SHA1
c174f717a3ee3542f40c4969d6ac9bbb85741598

SHA256
ec11218d0551d178f4a7a32ef4ada28d0d7b9b985636721046a14f61800d8065

SHA512
37b3e34ffc87ce2ac7862f4d65ebc2703fa61d0bc272725e3aff088904c528fd1bc14f7438bed03275b3cb9f02ae06ef71ef9ec6cc2ddce04b148e69d6ae7c60

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
5f5beb31d0f91841b7ed61db9a80c5be

SHA1
69dc977e5c3ecaa0eabeea5560159ac53b9771a3

SHA256
6311d74b4b8e1beebb916bf0aa57394d5d9f1c0f7e53fbe1135bfb5381098b6a

SHA512
d5de9b6916c52e6b40c6329e63d086b15be6f2f564d035cbc02763ee4c5ae8de2031e00f96a540b86971dd76c372111290a8ef66df6d232b0525650c46c66683

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
57ae85ae2e8fb837cc47e7855f232e63

SHA1
ffef8753c5fb108f20c439b4358871863d859d50

SHA256
e07060ee9a7158084d23223280a70b7a7394b0d84ddeec21412b78f562335b66

SHA512
dd33f02ac59ee004947348346b24c5ee1f43999a9f7c6651291d1934d3103506b4894e7e1c414067afcb1fda94534c7ed39444df20a017efce824b617d98e52e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
3KB

MD5
19317e53db3ba1d069f2ad7d7230372a

SHA1
86bd5e0504a1d147654eaaef56af96b373e5309c

SHA256
b13ba8e09bfbd4c621301ee368a3033e7d3ca6dc3199cd50128065c032e0bfc2

SHA512
5602ab29c220aef9072ca948227c612a5435539522f0bc229dc38aa82b092085960c57d37b53a077ae2fe1efca59f00f40affdf41e733ad0dfafb0ca301aa5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
3KB

MD5
f0b5fc47d0783adc32c685f60751f4b8

SHA1
284755b6fa14265f52032b0ef111f20a1e4c20ae

SHA256
c6b4b9facafdd5c2540f1504286c0a84ab83368c592b98e02e981d3edcfefc2e

SHA512
b2eb51d7ea89483e1c37069a58a88151731ec04b23ad09905a88ac4653ea64f104aea0fce7ca8201e2f2631d189b3e5fdb8d6050bef6f61d801c3a2898812d4a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
3KB

MD5
da0af5b40e40aaf311613519dd56433f

SHA1
e5cbe67d65c0a08808932efef518fce886d8226d

SHA256
60c6e8d135f0c01daae4c171b82b3d17422088095407edc5b02e8970e6059001

SHA512
4a5089179d4c27e4a44f46fd8cb3a0cbe1e1eeb882eb96363986301faacecc6c51fa663d054349f573c6c9a650eeffb9619a811ee07fd8acb240df30656c52c1

Download Submit
memory/2592-2329-0x0000000005220000-0x0000000005240000-memory.dmp

Filesize
128KB

Download
memory/2592-2714-0x0000000005680000-0x00000000056CE000-memory.dmp

Filesize
312KB

Download
memory/2592-2712-0x0000000005680000-0x00000000056AA000-memory.dmp

Filesize
168KB

Download
memory/2592-2710-0x0000000005680000-0x000000000570A000-memory.dmp

Filesize
552KB

Download
memory/2592-2709-0x0000000005680000-0x0000000005694000-memory.dmp

Filesize
80KB

Download
memory/2592-2708-0x0000000005680000-0x0000000005693000-memory.dmp

Filesize
76KB

Download
memory/2592-2694-0x0000000005680000-0x00000000056C1000-memory.dmp

Filesize
260KB

Download
memory/2592-2677-0x00000000055B0000-0x00000000055BD000-memory.dmp

Filesize
52KB

Download
memory/2592-2675-0x00000000055C0000-0x00000000055EB000-memory.dmp

Filesize
172KB

Download
memory/2592-2716-0x0000000005680000-0x00000000056D2000-memory.dmp

Filesize
328KB

Download
memory/2592-2362-0x00000000054C0000-0x00000000054EF000-memory.dmp

Filesize
188KB

Download
memory/2592-2359-0x0000000005280000-0x00000000054A1000-memory.dmp

Filesize
2.1MB

Download
memory/2592-2707-0x0000000005680000-0x00000000056AF000-memory.dmp

Filesize
188KB

Download
memory/2592-2681-0x0000000005680000-0x000000000568D000-memory.dmp

Filesize
52KB

Download
memory/2592-2332-0x0000000005250000-0x0000000005270000-memory.dmp

Filesize
128KB

Download
memory/2592-2420-0x0000000005530000-0x0000000005545000-memory.dmp

Filesize
84KB

Download
memory/2592-2299-0x00000000050B0000-0x00000000050BF000-memory.dmp

Filesize
60KB

Download
memory/2592-2295-0x0000000005060000-0x0000000005082000-memory.dmp

Filesize
136KB

Download
memory/2592-2718-0x0000000005680000-0x000000000568C000-memory.dmp

Filesize
48KB

Download
memory/2592-2719-0x0000000005680000-0x000000000568D000-memory.dmp

Filesize
52KB

Download
memory/2592-2720-0x0000000005680000-0x00000000056A8000-memory.dmp

Filesize
160KB

Download
memory/2592-2678-0x0000000005600000-0x000000000567F000-memory.dmp

Filesize
508KB

Download
memory/2592-2325-0x00000000051E0000-0x0000000005204000-memory.dmp

Filesize
144KB

Download
memory/2592-2293-0x0000000005020000-0x0000000005046000-memory.dmp

Filesize
152KB

Download
memory/2592-2301-0x00000000050D0000-0x00000000050EA000-memory.dmp

Filesize
104KB

Download
memory/2592-2314-0x0000000005120000-0x0000000005168000-memory.dmp

Filesize
288KB

Download
memory/2592-2318-0x0000000005180000-0x0000000005192000-memory.dmp

Filesize
72KB

Download
memory/2592-2320-0x00000000051B0000-0x00000000051CF000-memory.dmp

Filesize
124KB

Download
memory/2592-2259-0x0000000004E90000-0x0000000004EB5000-memory.dmp

Filesize
148KB

Download
memory/2592-2199-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/2592-2201-0x0000000004DD0000-0x0000000004DFF000-memory.dmp

Filesize
188KB

Download
memory/2592-2203-0x0000000004E10000-0x0000000004E3C000-memory.dmp

Filesize
176KB

Download
memory/2592-2200-0x0000000004DB0000-0x0000000004DBF000-memory.dmp

Filesize
60KB

Download
memory/2592-2169-0x0000000004B20000-0x0000000004B2B000-memory.dmp

Filesize
44KB

Download
memory/2592-2173-0x0000000004B40000-0x0000000004B4F000-memory.dmp

Filesize
60KB

Download
memory/2592-2178-0x0000000004B60000-0x0000000004B6D000-memory.dmp

Filesize
52KB

Download
memory/2592-2182-0x0000000004B80000-0x0000000004B8E000-memory.dmp

Filesize
56KB

Download
memory/2592-2190-0x0000000004BE0000-0x0000000004C1F000-memory.dmp

Filesize
252KB

Download
memory/2592-2191-0x0000000004C50000-0x0000000004CA6000-memory.dmp

Filesize
344KB

Download
memory/2592-2193-0x0000000004CE0000-0x0000000004D01000-memory.dmp

Filesize
132KB

Download
memory/2592-2196-0x0000000004D20000-0x0000000004D4A000-memory.dmp

Filesize
168KB

Download
memory/2592-2159-0x0000000004AA0000-0x0000000004AD2000-memory.dmp

Filesize
200KB

Download
memory/2592-2144-0x0000000003560000-0x00000000035CA000-memory.dmp

Filesize
424KB

Download
memory/2592-2115-0x0000000000C60000-0x0000000000C77000-memory.dmp

Filesize
92KB

Download