4899de29c229ae1d5772c8bb53c025dac760dfe0a38476adf709d98b6e40dab1

Analysis

max time kernel
74s
max time network
115s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

App_02029.exe
Size

66.5MB
MD5

82089a3de7594ca1c13fc526beaec792
SHA1

5d46d05c78ee6d1608601cde4912f3bd91a3b71c
SHA256

4899de29c229ae1d5772c8bb53c025dac760dfe0a38476adf709d98b6e40dab1
SHA512

bbdd69fbd0e4fc08b578d6d74929eb5a32d29e5f66df56ec69e4d69b053a7f39bce415d1fadd2a33c2e2317ee1b30f00ee4f8d001de44577c275aeaf4636ee4e
SSDEEP

393216:z0MnFTz4KVTrmxGfftGOpcDL3QYDez3QzCQSPIaXSz69II65rUVf:tmxGfftGOpAL3ivhdS+9Ix5rUVf

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 5 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1236	netsh.exe
2088	netsh.exe
1664	netsh.exe
2044	netsh.exe
1200	netsh.exe

Executes dropped EXE 6 IoCs

pid	Process
828	Setup.exe
2268	Elevator.exe
1836	pxsetup.exe
1972	pxcpyA64.exe
564	winamp.exe
896	winamp.exe

Loads dropped DLL 64 IoCs

pid	Process
2924	App_02029.exe
2924	App_02029.exe
2924	App_02029.exe
2924	App_02029.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
1836	pxsetup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
828	Setup.exe
2872	rundll32.exe
2872	rundll32.exe
2872	rundll32.exe
2872	rundll32.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe
564	winamp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	winamp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\historyeditbox\historyeditbox.m	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Bento\xml\player-elements.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\vis_avs.dat	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. + Phat - vacuum deity watching you.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - gold plated maelstrom of chaos [mirrorized].milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Inkblot.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Idiot - 9-7-02 (Remix 2).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Krash & Rovastar - The Devil Is In The Details.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Waaa.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - the forge of Isengard.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Gracenote\CDDBControlWinamp.dll	Setup.exe
File created	C:\Program Files (x86)\Winamp\System\adpcm.w5s	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - lorenz attractor.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Unchained - Unified Drag 2 (Ghostly Vision Mix).milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\textures\lichen.jpg	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\xuiobjects.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\data\blur_vs.fx	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Reenen Geiss - Soft Triple Feedback.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Rocke - Sugar Spun Sister.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rozzor & Che - Inside The House Of Nil.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN + geiss - witchcraft (Stahl's Mirror Crossfire Mix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\button_config_drawer.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\baked - Chinese Fingerbang (cao ni ma =]) - PieturP colors - Bitcore speed tweak.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\enc_wma.dll	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\garbage\seekbar-button-pressed.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\winamp\thinger\pledit-selected.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\whacko6-06.bmp	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Winamp 5 Picks\jheriko - not quite a bendy tunnel (skupers remix).avs	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Idiot - Marphets Surreal Dream (Hypnotic Spiral Mix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - sparky caleidoscope.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Microsoft.VC90.CRT\msvcr90.dll	Setup.exe
File created	C:\Program Files (x86)\Common Files\PX Storage Engine\pxwma.dll	pxsetup.exe
File created	C:\Program Files (x86)\Common Files\PX Storage Engine\pxinsa64.exe	pxsetup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\notifier\sc_alb_art.jpg	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Community Picks\zamuz - big bang.avs	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - Clouded Reason - revisited.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - volcano.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. - tumbler demon mix high fps Phat_edit.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - disco mix 4.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\System\vp8.wbm	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - Lights in the Sky.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Quicksand.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Unchained - Demonology (Vampire Soul Mix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - girlie affairs.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\raron - fourth state of Milkdrop 2.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\beat_displayoverlay.png	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - predator-prey-spirals [geiss' laplacian finish].milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Mstress - Acoustic Nerve Impulses.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\pe_time.png	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\BrainStain-Blackwidow.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. - nematodes E daemon.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN - breakfast cruiser.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\textures\clouds2.jpg	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Winamp 5 Picks\UnConeD -Zero-G Maze III.avs	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN - one step beyond (jelly remix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\menubutton\menubutton.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\button_ct_switch.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\xml\notifier.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Winamp 5 Picks\mig - Starslappin.avs	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - science-fraction.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Zylot - Funnels.milk	Setup.exe
File created	C:\Program Files (x86)\Common Files\PX Storage Engine\pxafs.dll	pxsetup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\ml_wire.dll	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 15 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D0F041D4-1570-4143-BB6A-4CE041B109D4}\TypeLib	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24959692-AAC0-411D-9E6B-C7611FCCACBA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{d00f2f00-f910-43af-99d6-591ac5f1b560}\InprocServer32\ThreadingModel = "both"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CddbPlaylist2NSWinamp.CddbPLGenCriteria.1	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AIF\shell\Enqueue\DropTarget\Clsid = "{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XI\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pls\ = "Winamp.PlayList"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP3\shell\ListBookmark\ = "Add to Winamp's &Bookmark list"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NSV\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGA\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMV\shell\ListBookmark	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{49F3CCB6-3BA4-4B64-9451-CCF4D42581B1}\1.0\0	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F19A9D2D-2287-4C64-96C7-4BB63EDEC9C5}\TypeLib	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D0F041D4-1570-4143-BB6A-4CE041B109D4}	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26B263B3-57CD-42FD-AA48-E505B4780055}\TypeLib\Version = "1.0"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{d374ceca-3e86-4ab4-87a9-3ff7e03e3cad}\InprocServer32	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15D93D1E-50F1-444C-9E76-E4C8ACA0A29D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.CDA\shell\Enqueue\DropTarget	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XMZ\shell\Play	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62d92898-9129-4a24-bc97-078ba176816b}\InprocServer32\ThreadingModel = "both"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D79FFAF8-1BC2-4BDE-B5F7-1BAA899865D2}\TypeLib\ = "{7919D0CA-3043-4C02-B778-AB2BF4931F58}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.SkinZip\shell\ = "Install"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PAF\shell\Enqueue\ = "&Enqueue in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.XMZ\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MTM\ = "Multitracker Module"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MTM\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{a68d109d-ab8e-4476-8ba8-bce0879c4f8f}\TypeLib\ = "{49f3ccb6-3ba4-4b64-9451-ccf4d42581b1}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80a8f856-eda2-44db-a9ae-fafaaa2f5798}\VersionIndependentProgID\ = "CddbMusicIDNSWinamp.CddbFileInfo"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A2C6C4EE-32FE-4BB7-8A47-DC615034BD7C}	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M2V\shell\ListBookmark	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AMF\shell	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PTM\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControlNSWinamp.CddbExtData\CurVer	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C412E44B-A911-4E2E-AB26-F12BDB23EE55}\TypeLib	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46AC5819-1FA8-44A1-9954-270EA2CF0DCA}\ProxyStubClsid32	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC6DA11F-CA85-4658-9216-2AD353CFC33B}\ = "ICddbFileInfo2"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MIDI\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.IT\shell\ListBookmark\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CddbPlaylist2NSWinamp.CddbPL2FindData\CLSID\ = "{870a8c49-8935-430b-9ffe-175c47fb6b0b}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webm\ = "Winamp.File.WEBM"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControlNSWinamp.CddbInfoWindow.1\ = "CddbInfoWindow Class"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA9FDFB-80D5-41BF-B383-7AAB869E6B0E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CddbPlaylist2NSWinamp.CddbPLInfo.1	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OKT\shell\open\	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fb51cc6e-a66e-4c28-bef5-142d4927e1cf}\InprocServer32\ = "C:\\Program Files (x86)\\Winamp\\Plugins\\Gracenote\\cddbcontrolwinamp.dll"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.S3Z\shell\open	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{680F25C4-044B-4DE0-998F-DFA463626E13}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3B4A2B07-AAFE-4931-A7F9-4C37729633CA}\ProxyStubClsid32	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WEBM\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMV\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AU\shell\Play	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62d92898-9129-4a24-bc97-078ba176816b}\ProgID	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{06C18BA6-86A0-464C-B838-13A74E1AD049}\ = "ICddbUIOptions"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43B1B346-2394-46E7-B1AC-EA8D93124F68}\TypeLib\Version = "1.0"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CddbPlaylist2NSWinamp.CddbNSWinampPlaylist2Mgr.1\ = "CddbNSWinampPlaylist2Mgr Class"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{b3f484a1-e3b4-4ad5-a9a9-52592a08dbd2}\VersionIndependentProgID\ = "CddbPlaylist2NSWinamp.CddbPLMoreLikeThisCfg"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP4	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MDZ\shell\Play\ = "&Play in Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F19A9D2D-2287-4C64-96C7-4BB63EDEC9C5}\TypeLib\ = "{65EBA1D4-45E2-4EC5-A7FF-CB7E14659C77}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A9F50E0F-859D-4397-959E-3BB7AACBB564}\TypeLib\ = "{7919D0CA-3043-4C02-B778-AB2BF4931F58}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A4471DA-0283-449E-8EE2-B0716E3C168B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MPEG\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMV\shell\ListBookmark\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MOD\shell\Play\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2944	ping.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2924	App_02029.exe
1836	pxsetup.exe
1836	pxsetup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
896	winamp.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2924	App_02029.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
896	winamp.exe
896	winamp.exe
896	winamp.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
896	winamp.exe
896	winamp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
564	winamp.exe
896	winamp.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 2924 wrote to memory of 828	2924	App_02029.exe	31
PID 828 wrote to memory of 2268	828	Setup.exe	32
PID 828 wrote to memory of 2268	828	Setup.exe	32
PID 828 wrote to memory of 2268	828	Setup.exe	32
PID 828 wrote to memory of 2268	828	Setup.exe	32
PID 828 wrote to memory of 1200	828	Setup.exe	33
PID 828 wrote to memory of 1200	828	Setup.exe	33
PID 828 wrote to memory of 1200	828	Setup.exe	33
PID 828 wrote to memory of 1200	828	Setup.exe	33
PID 828 wrote to memory of 1236	828	Setup.exe	35
PID 828 wrote to memory of 1236	828	Setup.exe	35
PID 828 wrote to memory of 1236	828	Setup.exe	35
PID 828 wrote to memory of 1236	828	Setup.exe	35
PID 828 wrote to memory of 2088	828	Setup.exe	37
PID 828 wrote to memory of 2088	828	Setup.exe	37
PID 828 wrote to memory of 2088	828	Setup.exe	37
PID 828 wrote to memory of 2088	828	Setup.exe	37
PID 828 wrote to memory of 1664	828	Setup.exe	39
PID 828 wrote to memory of 1664	828	Setup.exe	39
PID 828 wrote to memory of 1664	828	Setup.exe	39
PID 828 wrote to memory of 1664	828	Setup.exe	39
PID 828 wrote to memory of 2044	828	Setup.exe	41
PID 828 wrote to memory of 2044	828	Setup.exe	41
PID 828 wrote to memory of 2044	828	Setup.exe	41
PID 828 wrote to memory of 2044	828	Setup.exe	41
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 828 wrote to memory of 1836	828	Setup.exe	43
PID 1836 wrote to memory of 1972	1836	pxsetup.exe	44
PID 1836 wrote to memory of 1972	1836	pxsetup.exe	44
PID 1836 wrote to memory of 1972	1836	pxsetup.exe	44
PID 1836 wrote to memory of 1972	1836	pxsetup.exe	44
PID 828 wrote to memory of 2944	828	Setup.exe	45
PID 828 wrote to memory of 2944	828	Setup.exe	45
PID 828 wrote to memory of 2944	828	Setup.exe	45
PID 828 wrote to memory of 2944	828	Setup.exe	45
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 828 wrote to memory of 2872	828	Setup.exe	48
PID 564 wrote to memory of 896	564	winamp.exe	51
PID 564 wrote to memory of 896	564	winamp.exe	51
PID 564 wrote to memory of 896	564	winamp.exe	51
PID 564 wrote to memory of 896	564	winamp.exe	51

C:\Users\Admin\AppData\Local\Temp\App_02029.exe
"C:\Users\Admin\AppData\Local\Temp\App_02029.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:828
- - C:\Program Files (x86)\Winamp\Elevator.exe
    "C:\Program Files (x86)\Winamp\Elevator.exe" /RegServer
    3⤵
    - Executes dropped EXE
    PID:2268
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:1200
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:1236
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram program="C:\Program Files (x86)\Winamp\winamp.exe" name="Winamp" mode=ENABLE scope=ALL profile=ALL
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:2088
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:1664
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxsetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxcpyA64.exe
      "C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxcpyA64.exe"
      4⤵
      Executes dropped EXE
      PID:1972
- - C:\Windows\SysWOW64\ping.exe
    ping -n 1 -w 400 www.google.com
    3⤵
    - Runs ping.exe
    PID:2944
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Program Files (x86)\Winamp\winamp.exe" "/NEW /REG=S" "C:\Program Files (x86)\Winamp" 1
    3⤵
    - Loads dropped DLL
    PID:2872

C:\Program Files (x86)\Winamp\winamp.exe
"C:\Program Files (x86)\Winamp\winamp.exe" /NEW /REG=S
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:564
- C:\Program Files (x86)\Winamp\winamp.exe
  "C:\Program Files (x86)\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u8
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

Filesize
50KB

MD5
41b366ede1fbc0934ab725b98028dd09

SHA1
ba6790ebb79145bc35af7f1a197cc1f2048457f7

SHA256
4b561f368f71f524a1fd5b12f3b74d88e9baa89a9cf6e59128e6977fc47762c1

SHA512
1bbd61391db3e2c96c9140bf3a62a1fa0d2b1dd91e8240c62bec9be62e1f74007e42d5274100280fefc0bd7127ec993edb62ecfd3b159a8ba13b4d451dbfdeb6

Download Submit
C:\Program Files (x86)\Winamp\System\h264.w5s

Filesize
666KB

MD5
38303f39eb179ff6cab518e817e22cae

SHA1
b8d69a8513dbc8a3afdf959513022b30bf9c505a

SHA256
721d283dff6ac902ea86eae324fdc3deaaf45aa0e77e842f044c11683c31d80f

SHA512
8f3457c46dfc8aa09fab51d6411a5d7297ab9283de12967bce9626e764d7568ac1daba8b34c7a146232d09fada15b5f4c86613bd272b6763dd9d53c368e0a618

Download Submit
C:\Program Files (x86)\Winamp\System\h264.wbm

Filesize
225B

MD5
d352d4afb5f848673ab37f308f156c80

SHA1
8a900dfb1126a0b7480445853b8b2b724ff7ccb9

SHA256
5ba3da7a72134e9b65a5f1a268bab65c2065294cb430a29cb481b505ede2aa44

SHA512
a1346bb7faadcfbecf8875d4a66f7c8093b6998e32986200cde55e282fcea6614e60da18835657c215c884ce50f6d34bc0382e8617839d139e210e511f204177

Download Submit
C:\Program Files (x86)\Winamp\System\ombrowser.w5s

Filesize
302KB

MD5
0fd032a355ba3a812c56b6eeaba0e3c7

SHA1
eaa04e2157402a21eced4e3b05c3200fd5bd4d28

SHA256
511f80227a7f841030efbd9289b6d93387add1224fd34ace5edfcf9aaf9a15ed

SHA512
99132a6f75d74c270a722bc5dac73fd61564ca5a61e48e8067124934fd79e8f3313b3f3a896b8a5fcce23ca9a32d98cd88e381c0c6cabc8cf171246ab10551f9

Download Submit
C:\Program Files (x86)\Winamp\jnetlib.dll

Filesize
607KB

MD5
792104d32753ab1011a7dc41c80cb504

SHA1
48314163f4815452b61c7069531a6faa02775bc9

SHA256
8d52761d0e9f753f05bb0dfb37d9fd14eba0af4023608012710ca0c3db79e444

SHA512
bb3ddc7eedf30e4776c06a667b0ff9aee2605cd32d8e0fee1f93839ff29075fe37713a2b74e5f6ec51c0bc7a6d44dd5f022e196f068f969cd75f14482c5be587

Download Submit
C:\Program Files (x86)\Winamp\nde.dll

Filesize
84KB

MD5
d1b7c43550af02cf4e9712b1c1a63cc3

SHA1
0f0d82a6b341dfce6fa4d2b93252faf46a211e19

SHA256
202e7e7e30965d970cb37462f0bd763551d757bdf35e04cdc78721559118a469

SHA512
22d45cfa22343d5b74101e91cacdeaa73d6520588a365b0667c61e8e82451e78c0624b021e7ce5421d449e5d33f7df15355e272defb9d70c1cdbb89f611760e7

Download Submit
C:\Program Files (x86)\Winamp\nxlite.dll

Filesize
28KB

MD5
f270d9dbf305256d0979841886f288a3

SHA1
6e85e6d9e80c97e2d85b1754170b4ff9e50fe6bb

SHA256
bdc9e1a1edf9d42ca846b67256fc30befdf63c69354dcb30046e594e347a39ac

SHA512
b5b139870ac0ed729d6281a47ad002af2ac9102624846f0ca9ea198322fc20db9825261d4b3df26833df93d1dab3a2dbb8896eea100d06c7bcdbbd5ed08ea1f2

Download Submit
C:\Program Files (x86)\Winamp\paths.ini

Filesize
30B

MD5
8ad85a252352aa655f18d1b9300667b1

SHA1
5d2939f3b6c29739303f2caa4560d1f5376309c6

SHA256
fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c

SHA512
aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525

Download Submit
C:\Program Files (x86)\Winamp\winamp.exe

Filesize
2.2MB

MD5
e000683011d966dd6cccf2bc3b6027c6

SHA1
7fea5c8039be8e5476c9322f14eadb9d855d1d72

SHA256
6760afda7a59a7dee557680e48a957cf1367ed04194808af61f779b7fb668850

SHA512
2dac85d626cb64b0ebc811b8d92d06503e06306df4830c562195a8116b25ae531bceedacb2b36487901454279cf4d9e328117f1133ea0fabff0a973ad7f4225f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\px.dll

Filesize
682KB

MD5
dbb66b386c194a58e29e49d7ebbebe65

SHA1
78dced6be8870938a2c8fefb1b5b884159e5fb21

SHA256
309a40e28271eee4e41cdb5cd1f83c0087702d42f9fc3a87d62f9f30dd53d68d

SHA512
6a49783c86f2bdb6cb522f0e53a6e653eccb89b1a2d0d800bfae499d304cad173f621d9dad7765a13848a1e8bc4da355d94fc1a4bbf2beb5c4d999ea79257764

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxafs.dll

Filesize
130KB

MD5
e66569100ada3821d49be51109fa111c

SHA1
da0d6e0d9073b7d384e410916ae0306e16eee23a

SHA256
b7c5e5cdb6bf6fc01d1823b6aa1b0fef62f1e594886e2797a00a03809589c0f4

SHA512
981128e378ff2c286ad0aa9ca0012fc72cace283b0bbe4bb21ec7429735ef0b4438a6c6ff8dd3ac11438e25af33162f320a085223d6fcc41f5a7b060d88efb8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxcpya64.exe

Filesize
66KB

MD5
08d51e037f487f9ca9fd0b0388f4c15a

SHA1
67188d670673a5e9185616923d1b1a8aa22ad8bc

SHA256
fbaa0fd8dae9bde80bfe497dca28c6fc9174c14b12ab93e3942fffa04e3db3cf

SHA512
a40bb551fa8a705a5ac2bdc02a17ebba1c6c70f9ffce38c668b07bc538dc4461658b0bf220e26aa1833f624009f417f05c44aa0ff81af59a5ada4f97dd99013d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxcpyi64.exe

Filesize
120KB

MD5
50a76d2d5e4be94556326c4bf748c758

SHA1
dd2188e2fde11b75fa73003bf7502515182d4c88

SHA256
1c0e698d620f3703f940baccbfecd883b5f5e46d2436f0c17cb0c6c99155a4ec

SHA512
f60decd858d2dce3d7d57f53e7a2f7f1090d2d5fffbb1abcfd37c67718ecc2c92bfd45a208a2ec93efa5e8fa9c33f29e84bc52891998195dda237d6f1ea971a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxdrv.dll

Filesize
558KB

MD5
8f6f3aa814143099b431744b16845664

SHA1
67f518591a1cbb954a031cc7421faa1aeb25651a

SHA256
7c9449c2e774087305a28117e47fa48bbf33638144e9694f20d20fb15065ac9f

SHA512
5fdd908862dcabc37a794d0f7fe134e6df9f34d0e52cc69a535c37872a4f2edb44e2448654b3832a11f41fd57be36f1ad0f863603d1f268f99c6180a3a48bcb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxhpinst.exe

Filesize
70KB

MD5
d2728a10ccd2a675638b016d47b1c254

SHA1
9311a83a94d7b5694109e0e9694eada76765caa1

SHA256
8ca37574a79fffe781375955362eca8ba4511593dce6672590be8c42a775f146

SHA512
a6a31019f560b69935f5873fabe192b5899785544b9cf3841c1a846740edc56b3ba5f396d43d104f51acfd59faa97121f104abf7e4ac4a3fef5539cbd85a9759

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxinsa64.exe

Filesize
66KB

MD5
6d3630b7f27b3643fde05d1088f84f2f

SHA1
be742991eac9c6c8b0674c4be1fbddd10f7b9d37

SHA256
573d87feddc84eba6b3450bf00ad7ddf498ca99cc8809359fa9bb60c7ac76f68

SHA512
48a218a270357d3513596d92410bc865ef51c3bda6bfe5f53251e2ca3a5ff6edb31d722ee50d6b85d4e3bc7094b956180bed88575eac226236b55d81e0528ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxinsi64.exe

Filesize
123KB

MD5
94f95be2a44c8291132d314582f141f8

SHA1
d5bb1a7519221964497560b579bb5c1f1ab30aef

SHA256
df83d7cb34c59e1406fb5bf1edd083f8bca649db97979c6debc3d3ab0e36b980

SHA512
4a726c8431d9722f1213659e3cf150cda5a0850bb874f0f7c4c280f6805a122d14882531e06b11cbcd36d8a9a741a67f12b46dd02933d00c65ad1e255e1ca1dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxmas.dll

Filesize
214KB

MD5
746833260d2123ebb46ff44afcb8103c

SHA1
54275329dbc8caafb8a4a61198cdaa0986756ee3

SHA256
6cc2fc325653f7fc8725808270792921423c7dffba4f4e5bfdf5d396f89c2d97

SHA512
a2a577a39ece8b3b1407b528b17a3088179bc5eec3e1a9b14270529f82f6175d9c950da957bf6d707c968e4395eb55464e08778bb887b2871351f5655507252b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxsfs.dll

Filesize
2.0MB

MD5
e5ae8bd7d28eb4bf87f9c56daa6d3e3a

SHA1
61b841bdc9006953d504c137d5d7d8e8602fb31b

SHA256
780e084efbe74ac28d8d91dfff1e3bef97ebda3c54c7bd5c8fbbed128f21ea7b

SHA512
4930e9e128f9e8b55657752b5a8b1aa82c252dbae6ed0fc5d3112e5be85f30e6381e514e668ce5eb5dba8177583151d89707410b102d4c6466424682bcbbf0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxwave.dll

Filesize
430KB

MD5
24fa4bccc5ac82f5471abd0e3c9cb878

SHA1
9d9caf552519395fc76c7b756532032686827586

SHA256
a90d09923443c749266f65797176d70235854b9157a023362701c0d8477b78f3

SHA512
5e05daf7eb1de0baad166758304a5450750a876d4f7a521215aad279a00dfbc34a96299389dc2f523b54a73894433ce35480f559ed04d10ccbb14b1c75111914

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxwma.dll

Filesize
58KB

MD5
cbaa54ae75a0b8430e6bb65c72c7683d

SHA1
5fdead1d32a164426c623f5b871bea3d547801f5

SHA256
4f69dbbad8775b22d328968461c0c7ae11fe902bb949e178bf1878009705d0ed

SHA512
18b51a143af0d7d279c961143c4e3b5a42d439f59d7cd495dda174e062f3b9981363c021e474fe7901ff4651a174883f748ca98766a12f08606378cca3c4f504

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\vxblock.dll

Filesize
98KB

MD5
ba8559b1de9e06e1ebc5b41138839fff

SHA1
b2eb5557c01a3731adc3e0539b9c9ba32329f35a

SHA256
ffa5a535493c11595b1edea75e67ddd6e26e587a27d36e06a499acfa0e0a002b

SHA512
3314838685b476cdde9f9eb5be4881b29494b04b3f93a544736a2cbe0716c03cdf7f38fa14cf3e68844495a5452dd00ac1ea335fdd030556dde4715826d50fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\install.ini

Filesize
1KB

MD5
8db5d345769252a3b1051b19872fe1f7

SHA1
5a1aa9a8c8773cd3f8a6d29b289b7ceca92cd539

SHA256
24b2eb2370c333c9f99295017fbd4da1630a2eac5b077e7e5aea1b82d7838470

SHA512
f95fe42e007e334621c9657c8ced96d592b6407b3c9e2abea54144ae75001cbd5c0ee9b59652ae1614ec64886283172b065f627ae1e136e9306f9e4a27733afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\install.ini

Filesize
26B

MD5
385081d5feee87a4ed1a6e5dcee85f36

SHA1
8517162855b477e5498e95ff2e82584ef06d5c6d

SHA256
bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc

SHA512
52bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\modern-wizard.bmp

Filesize
150KB

MD5
2d63e33fa1cf672338a22c88fa45e6a0

SHA1
86c510009d6c71d05eb2707fe6a10039df525192

SHA256
7ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292

SHA512
d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

Filesize
272B

MD5
aafdceee30306c817e3f46bb665bc61a

SHA1
b7ce2bfd4ead219850e4fbef1ce976e04ff4942a

SHA256
5eb88cdf08bc967d8be8d7ad40ebaae1a267e32b32e73a7e92140641eef380aa

SHA512
fd9e60d123df8f7f8c98826998e8294d9021037c261282f775b66a19e4744afe0688f306d2a4c833e09c26ae37edd858471b92078890dd8bd13aa4577daddff4

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

Filesize
884B

MD5
34596887db65b4d559bd92adbbd58eb3

SHA1
a610a496b41bc38bdb43e04b64c1e8ee2703fb8d

SHA256
b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566

SHA512
115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
14ae7049e76ab554c0daa5f30fe3cd53

SHA1
ec62d8956e69c0f877d1824fe8a0fddd4e238530

SHA256
05e01497611f36811da34946402464e92cde0a240c60a88597dcfd5a4482934e

SHA512
0193925ba7b1ff3da90faf43fe79e398a29aec62c514e47a01f9f72ba1dab00eb9c40185b4b0e0e5c808b0dcac311e07e9b4ffa7957598f9a47e222a453a7cbf

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
c855c30742d0a5e2ded7d4c4c83d40cf

SHA1
b20a01401aca6922ace00a9ac38c0a2caf97fe17

SHA256
69017fa0547aaf943a6d28a6091af1800bb6f809459db6a9e0bc7a40bc0abb2c

SHA512
1e2615af69f498540f4c183715f42e139e652353036f730deb37491c45f788a2f9c68935e189ce8e9e5f0b0d7945ac016d48c70ca0474c7355293c9a3f6613a0

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
478b3f18a7439820d1448a1191af6fd0

SHA1
e4ce390b56365d035421a361fbcc21e80ce1ed80

SHA256
281d0b747db8f0e042a6afde1fe9b90ad58eed178bcdbf8a907a8fc329ee4a0e

SHA512
228bd5c6bf0035f1783a21ab3c0ef423051745a5148aee2b74b4ac57174855f9997a727626a4c12cc145128ab11b57c7fa931a5b6e9e9d548f421fe5cd73647b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat

Filesize
466B

MD5
ffa63b4cc6d3317d9e35c4b147917bd7

SHA1
d38866a94d539a53e820481d5f9a910f3bb4d230

SHA256
2f82e10226cdf0ec052666b05fbd618bd763e88a47f4462dac3d832b4df0dce1

SHA512
2feb4a87f5a5d39efe1827302e44ee130a2f05cf1dd2a58b6b57c4b5607a22edc6cd8e13116c1fb0df4d81734d13a78cbd8fc88b44c9af4a1ec3401c93c366e8

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.o1d00000380

Filesize
8B

MD5
76a66845f666c52790c3442f7e1a491a

SHA1
e392a609d9dc81fab060d8aece449fe616a40053

SHA256
101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a

SHA512
71a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
68B

MD5
d39305c16a773b222871032c4148600e

SHA1
196b2a21dabfd3d001e2c79f3fdc7c411c4ca261

SHA256
01786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29

SHA512
bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx.o1d00000380

Filesize
32B

MD5
137faa0c3baa69f733eaadb966b64ade

SHA1
a55982685efc19bb0afffa2eb1f3750241480eb8

SHA256
9cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181

SHA512
b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\etAB1E.vmd

Filesize
585B

MD5
4e9180a184a1198d9594c98d4e01919f

SHA1
ddcb8d3490b1fa89abca6ff28e172fc9bd6a8fc7

SHA256
6b4104b26ba3333b9baf2738993a14c4f51fbc8b1dac8560095e00aeb24ca7b6

SHA512
43cc1bb4cd1d7c2615e8a259db6bbf915a1b9534f030d368d210ad2e866f24b31cfd17fae669e86a702faa16eac181bfc570a85d495686499b5ffe3559db682b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\etAB1E.vmd

Filesize
910B

MD5
fa6b6eaa81a2662b8c45b126727ea832

SHA1
6087f9505d21819ed2f656517a0a13664aeead2b

SHA256
370be262ff415bed2a40f450f69dfce660e3e635af0924dca0c1f118e489c046

SHA512
f26688d6236021172c0f2d001e5636f018fef9ba7c7fadf688bd78fb1f9633c766cdf9ff2581997bc7af8a5ffd92da19cba699a46a64a555ccc0e7e57bd7b3c1

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\etEA66.vmd

Filesize
342B

MD5
2ae2947bcd285e259d2f2cf15771fe70

SHA1
4a4b7a0adb8159faaa2e36a34d2e300b4ba62be8

SHA256
682e7f2143d789d847184072a61be585a6a869ccf2830b03a45af0e1ed812b23

SHA512
de34ee2e3a9feba6cb9101d06f1c9007b3b7a18f7438a683a9979e7867cbb4e3c831808603111a42c07aa9160790f74065d43c359b70216475dd5662ed332561

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met19DC.vmd

Filesize
125B

MD5
d39c2a872b313f71c47f6bef8a44b425

SHA1
fb0b1e55ba114f0ec0856cec44934c692690e487

SHA256
84f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae

SHA512
b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metA0A.vmd

Filesize
103B

MD5
eebb8da8e062bd685542bffe0bb94e74

SHA1
75faddb50b83eae36988c1e3eab075fe8d5a3415

SHA256
ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18

SHA512
8a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metBAF0.vmd

Filesize
174B

MD5
9936bebab9c4e0e2aac7dceffc42dbac

SHA1
c1d2b8ceed49c904db7f174e06cc4e8ef851a87b

SHA256
ee730918e759544d7d087fe0b2e0aee12145ec36ecd4f4aced4336d85503a124

SHA512
16a5da57970c1d9b0e00bd8ac21ad53260b48db7b7b8bdb1953c625e8b6a9a132afa53fcb835163b73fe6a5dae40aa5ddffda9a11f42e8942c07b180363f2ff0

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metCAC2.vmd

Filesize
126B

MD5
2cdaffaec77db6248825896e5c424893

SHA1
fc8df8ddc7811bfcf8f426dce0316c7eb6366b69

SHA256
6217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961

SHA512
387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metDA94.vmd

Filesize
116B

MD5
c386b2dab1e50ba2766d84fbff261563

SHA1
04689715512886016010a77f4cb1e6659e0df0b5

SHA256
ae6359b0c31c69599ebb789f3016908d680c7079d452c4648a3af0226b78a84b

SHA512
f67d207fad5f0a78d1c7e507257aa903704020f8339720c7e6e23e7d4699d084a57628703a0cd4f33b0460e5454a6d33b99c51f37e346a95504949ce30929723

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metEA66.vmd

Filesize
116B

MD5
c83239613245411ebd5416fe69629720

SHA1
e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337

SHA256
a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1

SHA512
f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metFA38.vmd

Filesize
127B

MD5
252e14c85c8b8288fda93614891308eb

SHA1
636d352077cab476c805fac2bc4ff58d83a14b99

SHA256
cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b

SHA512
7c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.ini

Filesize
293B

MD5
bc44647d4f52e067a3d61bcea14fe74e

SHA1
42e182ca102d903d987856141d523d336a0ebecb

SHA256
ccba000bbc7f9152001d5e7217d7bd614d7322328a5a46b69e4a726295fe285f

SHA512
e223f333632b3c883420474f687ed6a78a2fa54d8d7a66ea8febbed8465201fe0905cfb6db01880a048f5cf4d41c160f0374a7914cafe22c489c10fbf3ee74ce

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.q1

Filesize
4KB

MD5
d24f1b829d1bd197e157b12d19c220e9

SHA1
555274f63e5b6ddbbd548179754fd0b2cbddf888

SHA256
58065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8

SHA512
55c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
333B

MD5
6631f28b52772e5b40fe80b0c8cd307e

SHA1
aad407288d1cb1262fb4a6a0193aee92761332d5

SHA256
3ec78c41a1c09079aff3a1fa7ed62e9e34f7adc7491679e3489010003bec0c23

SHA512
57ce962bcb3991fcab8698e343523d28c48460cee6220f7b82a52f6b408ba826dc9227b1f14c21e3cac79a441da075100ea86df7a582d26b69445014a44bdcc4

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
348B

MD5
ee29b6db2af386093629b818f048acd9

SHA1
cd8ec6152e426f008caeca47a7c2b9913c455379

SHA256
fbd14748090e6332ff4670b991f2d85befdd26d855ff5e90eb61b5ba0f3c3897

SHA512
b6a15f5fc3895083b9d3851cd0d243559fe432373a13efd1973c97493b7f63c1ed3ba5bde61aefa406bd2da01fa13eb60a945cd2f86c0c39bc51e641f3a79479

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
356B

MD5
a26d8b82f6ad1ddcbbe1ef045d51fd65

SHA1
2d1c2c9fa118b0c8bb4b0183256caf56c11f1e93

SHA256
1c5d2496099fcff009c92e9125d4ace5cd8cfc3c7be5e665741147163e4efa67

SHA512
aab52f3a5b0bf0b025ed2d9022fa66f695f53aaee561562557a8fed97184734fb051d9904d343f75278f0424959bacc9368e97d5d33ff9800fa354a0f6ad3aed

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
1fb00c17c0183ded580b7192c0f90e92

SHA1
96955afc62b284c2ea2b8d404fa8ab3435b63931

SHA256
b9f72f35690c89c2c2a38864b20a4e56f5fce7799b13b390d4c199c51b058de7

SHA512
2d719b31ddf79255e1ed2ed7a48ccea0333f290c76fa189431990dcd4a1802fa81f4f67ba7a358d1e2556592ce4afacae4620fe422f1db4df1f0b51beef022aa

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
2a7d7ba92bd299b0c7d71c36d3eaef23

SHA1
4aa97a21fb63a46f284829a838700400131069a6

SHA256
8bb6d4f92e1b85c6deb067cb9e20a7a72521f8eb636faa3226071f13320ad0d4

SHA512
35a5dd8c2231ec95906dcc517dfeba09ae65bafc3d672309992936190e4204f6541dcef07d551d1d39a56fee85676503f3509178635508053707761006f4cefb

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
3f5076101fa7856249b18924914c04e8

SHA1
2370bb262822ce98d0880df50f18b16b48bb0278

SHA256
73d7a739ed3a08bf95561f5106c313a951fe5236b116aad005b22d12553a2ef8

SHA512
e3bb8fba35eb579eeb6e6ee13cfe17dcd9920cb0766eaf52f0bd6b23777220de2f07a0e65a581d6ba8a3e22dc383e10422aa3c5e251638bfe0052d7fdd841e2a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
30bb13c6b5edecab696315347fb27dc9

SHA1
b4a960025d9d109ce7bcb77f0d8ce1b3c3afecc1

SHA256
f06ab3860dc7bfba978a230a84b164a5ac1f1b24bc6f4b09b37e8c6130a089cc

SHA512
dc8649f24f2d501df661b5a98420a7246888f5116543be3cbde2ad6acdc84dfdc14fa1a47f31bf8d37646831f6dd671bf52c32628a10eaff233a6af57494ba4a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
56B

MD5
69c56e3d98acc64fd35ec6b2916db596

SHA1
cc9d47c9fed45c892578c04e080696ffc2ac0eab

SHA256
85b420b1faf6d7e70567eaf2b01eac6dcb78e02e2375956c317c8e98d6cbbad1

SHA512
234f0db4c217469ec585903915758c890b0040a97735574caa1d73cde68c0fe239b58ce60720a16ee136c14ef0977af894167d12488af5993cd7514d9d79ce8f

Download Submit
\Program Files (x86)\Winamp\Elevator.exe

Filesize
90KB

MD5
5e90e4e003ff75b207d956227c8db1fc

SHA1
e05c30b4e1dd22afae5fe0a117e62ee69af878fc

SHA256
35f2265273b38d3f81d6ef07f57bc20fca07f62687445aab6651c141157cb519

SHA512
7dc765ebbdc8c707da12e4a321f80545def74cb93ee73c6545893a7366173ead0108292603856dcc6136bbc46550f73ecaf36553c12eff5ed32a391d1efe63ab

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CDDBControlWinamp.dll

Filesize
1.5MB

MD5
72ab7ff3886957602a68b3d89bde44fa

SHA1
91365edba7dc4aae61edf0c5a16705552e668b6f

SHA256
025ee64129129e7e6bff4c0769cf93e00e095b752299e7d633de5d9c261e173b

SHA512
ac1b58c308bcebe6c4b4672b5a4aa14cd1d3a923c80ac495f4d42aab45db0d085ddbf51111f3045bbdc74d1456f642f62775362cf3d132c1b6aaae0c47663c35

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CDDBUIWinamp.dll

Filesize
1017KB

MD5
ac5430ae266925bb85d2d5800d03c262

SHA1
b9a86664a0fac9b79c162587a203674bc6ae9191

SHA256
fb4211686c2ddba152cbc239ef8b630c5d2a8c05e9056d4c797cd0ddb200e9e4

SHA512
3992049fe87785c6827fa35b271c37696733b362bf276d5098b0e1befe6c217ee7847d1256dedc1fbbb2d608e7cc195e9229dbde7519615127b7f361edd8a15b

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CddbMusicIDWinamp.dll

Filesize
905KB

MD5
37ffbcbc724d72a49248cd6df27cea84

SHA1
7ee0fa08510f549d9ad7538416e0e19bdf911ad8

SHA256
98a8b5ce8023885391bd4be08781deb141479eaae5c70e264eac2d6c2da54f7c

SHA512
b6fc63a76321e241547061a876f50f5b99e68880f6ba4af3d66656354cf827d99f07d38ffab6764c83c5ab1f35748876077af04743d747df3a3a5f86314a69e1

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll

Filesize
1.1MB

MD5
7c7f404f3923a9346978be902e2257de

SHA1
c1f41edfb4af754db2e2679a8ae40d3b1a9075b9

SHA256
1239b23e01467f6fdc2a0dd109c5713588fe77a4d206d60dfb3712e08d1dc3d5

SHA512
c60806b31bcb314c4d6e3e4ddd394752a665d16ee223359677e6d08dbf288aef88967a4aea46efbe28600f35f7abc5b6267a6c69820a29ce3f9f2e805fbcc477

Download Submit
\Program Files (x86)\Winamp\elevatorps.dll

Filesize
50KB

MD5
c990acb402c04bd44319183198c748f3

SHA1
d20358545f8148394a1205f63d6bfa3bcb950f28

SHA256
fde86abbc080ce9dc48975100ad908b05a53e5c1026e34d064f3245a01770fbb

SHA512
86c5c5027e9e4571888d5edef060eb71fe1a2a365c5f2933ae95f263a188f2256d9f9e7182616e53146455f81892f1a923da2c2e10937de06f888d6d2bc8dd70

Download Submit
\Program Files (x86)\Winamp\nsutil.dll

Filesize
409KB

MD5
cdc510af97cee27fe9b7f6e79321960d

SHA1
7a676c673e46a6bb33edd35bb8051dc8428a39e4

SHA256
714149e044c0b1598d50b0de75f0e6c7b6b4b879a4d8fb195243e68758cf3f84

SHA512
4bd33b051d8a0ea158ae665323383d4ad326a6f7693fcd02aa6b4a6f6dc6ea28b75c26f394710668bba50a46cf4896eb173b664183389a95ababb4aa0e68207b

Download Submit
\Program Files (x86)\Winamp\tataki.dll

Filesize
86KB

MD5
54784a40c6e296df888635fafdc199c3

SHA1
863c0ee77db87557f39762e82d305d5bdc36fc91

SHA256
081220e46b00d9d1671f15658b6a9df7504223f514b03a593e5b9c56c68f135c

SHA512
5ae6bd6fce3d6f346409624a4229ec60fba113715d4ac17fc3f72c557a0b00b51de601bc44f214e39549e29d085e9acccc8aa5bc5acbe89638f1358fdc5d69c2

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\Dialer.dll

Filesize
3KB

MD5
61b40a89c8b94ad6355262e118c8420c

SHA1
6b8fcae8baf661e115763cec2d69db7a6b767030

SHA256
4e63d7b877a7e8889b6cd7bebc1dec767bff0f5bd41d8936d4a5b29d934ea4c5

SHA512
77f7e3cdd2f2ec3a2cf619afec6438e0966a2f0d43539d62e9cd8e2acce56322e2dfa2f747937c3d62346640fb64e1176b52a329027a5a0569e0f05ceeb7a126

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\LangDLL.dll

Filesize
5KB

MD5
a1cd3f159ef78d9ace162f067b544fd9

SHA1
72671fdf4bfeeb99b392685bf01081b4a0b3ae66

SHA256
47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

SHA512
ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\PxHlpa64.sys

Filesize
54KB

MD5
87b04878a6d59d6c79251dc960c674c1

SHA1
cc34993ed2b375bbab87058f79097eeacf381aa5

SHA256
3eb8db0624e646f0a65d0381408d35cf9fdc5abfc30df6431f4070a8eb68447c

SHA512
5c034f27ffd5d26faa2b6db9a6e97b261a0997400901e846880fc2eadda4ffc3aaf9885b90997ebeac8902b10f2e0f3e38b41e6f476b7c45f57ac5f9e59312b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxhelp20.sys

Filesize
44KB

MD5
e42e3433dbb4cffe8fdd91eab29aea8e

SHA1
6f764c5e20eecd6f3d4154d9d89d2420dd783470

SHA256
20abd8372b242fd356ac143e7eb56f93cfea4988ed1b0c4434cb64c387d7f66c

SHA512
260a2104aef64fd5a276e289e1cbe37502583e94039af41a3803f1c464d78c72def4e911f14312b94c63b28b1f6792a7bd10f23db837daf5a1a9ffd478c40810

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\PrimoRedist\pxsetup.exe

Filesize
70KB

MD5
4ee24c7fd67b098431c951db7686bd19

SHA1
5b14bed150ea0bf619b938ce94b9f32b02a6aadc

SHA256
0f445c4b76bc309a940d5f4ba615bef1dcefbc0d160f3a8d06e0038160d9b4af

SHA512
7853bcd7482b85ab362935060506a1b44779946e9428838a1c95cc54fcbf94058ed9c2101b5c4e3114ed125b88692ed694b394ff94ecc8d88c39b57bb21f08f8

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\nsDialogs.dll

Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsoE3CC.tmp\nsis_winamp.dll

Filesize
4KB

MD5
1e1ded1cf1c69852f2074693459fb3b5

SHA1
81b165cae4d38a98760131989fdd8aed2c918679

SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

Download Submit
\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
12.3MB

MD5
76954d7dbf005d6db5e38d64f25a8c20

SHA1
054ad10803aa95f512a2c56293be7d1a287696f7

SHA256
e9e2eb114941f9f9157b4fb139e5588665fb89b709df82d4a8346ae66ccf03e1

SHA512
49e77880255470096830059bda1baf1d955f7f33659118995495aa6a6e090e32c798a8568504f213a90c4d3c3c81db41c22c54359d0689adb7b233c96c4fff4a

Download Submit
memory/564-2774-0x0000000003620000-0x0000000003665000-memory.dmp

Filesize
276KB

Download
memory/828-2155-0x0000000004D10000-0x0000000004E9D000-memory.dmp

Filesize
1.6MB

Download
memory/828-251-0x0000000002CE0000-0x0000000002CEA000-memory.dmp

Filesize
40KB

Download
memory/828-250-0x0000000002CE0000-0x0000000002CEA000-memory.dmp

Filesize
40KB

Download
memory/828-256-0x0000000002CE0000-0x0000000002CED000-memory.dmp

Filesize
52KB

Download
memory/828-257-0x0000000002CE0000-0x0000000002CED000-memory.dmp

Filesize
52KB

Download
memory/828-2161-0x0000000004D10000-0x0000000004E0F000-memory.dmp

Filesize
1020KB

Download
memory/828-2179-0x0000000004D10000-0x0000000004E25000-memory.dmp

Filesize
1.1MB

Download
memory/828-2173-0x0000000004D10000-0x0000000004DF3000-memory.dmp

Filesize
908KB

Download
memory/896-3202-0x0000000004D80000-0x0000000004DC5000-memory.dmp

Filesize
276KB

Download
memory/2872-2247-0x00000000001F0000-0x00000000001F2000-memory.dmp

Filesize
8KB

Download