442afee6bacb813fd84a6bab4bcb4d49d6a1fae17bedf6be4e2dcd7473db4149

Analysis

max time kernel
272s
max time network
317s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23/07/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setupprogram_01234.exe
Size

66.5MB
MD5

e9b7415372034669078d1ac0a13f1bcc
SHA1

ae3bea1c8c5e8a2aa233fce5e81774db33abadab
SHA256

442afee6bacb813fd84a6bab4bcb4d49d6a1fae17bedf6be4e2dcd7473db4149
SHA512

d51387e14f0f0b965a0ec970bc183d0351821f83b0a332de2f3a517d1b43ce687d068f225bc53aa63e015e0a5e37bb39f2d0be775746d5268641da209eb867f4
SSDEEP

786432:8n+FzopERE+TPP5ksm3ivhdS+9Ix5rUVP:zTPP5kVYtIxGP

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 4 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4288	netsh.exe
4696	netsh.exe
2352	netsh.exe
1912	netsh.exe

Executes dropped EXE 7 IoCs

pid	Process
1376	Setup.exe
4588	Elevator.exe
3004	pxsetup.exe
3740	pxcpyA64.exe
2588	winamp.exe
3532	winamp.exe
1272	reporter.exe

Loads dropped DLL 64 IoCs

pid	Process
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
436	rundll32.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe
2588	winamp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	winamp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN - lost in the bottle.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - LSD Zoomtunnel.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Unchained - Demonology (Vampire Soul Mix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\fonts\default-font.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\xui\browser\stringtable.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\scripts\video.maki	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Liquid Beats (janky ripple warp reflecto).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Harlequin's Liquid Dragon.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Unchained - Unclaimed Wreckage 2 (Sub-Spinal Daemon).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\in_wm.dll	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\guiobjects.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\yin - 300 - Daydreamer.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\yin - 315 - Ocean of Light (yo im peakin yo Eo.S.-Phat).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Krash + Geiss + martin - War Machine (Stahl's ultimate Mash Mix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\phat_It'sJustNumbers_remix3.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\about\nibbles\level4.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody - Blame Hoffman.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Zylot - Star Ornament.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\Scripts\standardframe.maki	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S. + Phat - vacuum deity watching you.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Winamp 5 Picks\Tuggummi - Solero Shots.avs	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Unchained - Quine.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\wasabi\xml\system-groups.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\about\about.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Community Picks\UnConeD - Mister Santa.avs	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Alpha Conflict.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\zlib.dll	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\dropdownlist\dropdownlist.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar & Idiot24-7 - Marphet's Shrine.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Eo.S.+Phat - Arm_upgrades - transformer.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Goody + martin - crystal palace - Ocular Anima.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Alpha Conflict.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Sunflower Passion.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - Geiss - Psychotic Roulette.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\ml_history.dll	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\xml\config.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Winamp 5 Picks\UnConeD - Plankton.avs	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - See.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Cosmic Dust 2 - Tiny Reaction Diffusion Mix.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Geiss - Swirlie 4.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\ORB - Magma Pool.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Stahlregen & Flexi + Geiss - Liquidity (Dynamic Swirls).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\options_buttons2.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\shufflerepeat_bg.PNG	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\baked - mushroom rainbows[acid Storm].milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\textures\Image415.jpg	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\player\buttons_vis.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\convolution.ape	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\phat + Eo.S. - 2ct2V6.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\fiShbRaiN - psychotic meltdown.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\freeform\xml\tooltips\tooltips.m	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\shade\corners.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\avs\Community Picks\UnConeD - Seismogrid.avs	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Aderrasi - Brakefreak-bitcore tweak.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - soma in pink.milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\xml\notifier.xml	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\about\nibbles\info.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Big Bento\about\nibbles\level10.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\shade\seek.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Skins\Winamp Modern\window\menu.png	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - VooV's Organic Light.milk	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\martin - dont drink and drive (police mix).milk	Setup.exe
File created	C:\Program Files (x86)\Winamp\Plugins\ml_nowplaying.dll	Setup.exe
File opened for modification	C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - the distant point between.milk	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3648	2588	WerFault.exe	91

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pxsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winamp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winamp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Elevator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setupprogram_01234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ping.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reporter.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
912	ping.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{614D9D0A-C012-4863-AFBF-9C9DD01E04D1}\TypeLib	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A050616-00E0-49C3-BC60-23C5192B25D3}\TypeLib\Version = "1.0"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WMV	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MOD\shell\Play\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ptm\ = "Winamp.File.PTM"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C30FBC5C-F56C-40DD-841D-5E4428F3BAEA}	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C412E44B-A911-4E2E-AB26-F12BDB23EE55}	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c7538f11-8d14-439b-ad2d-30c2cd8d0e68}\ProgID\ = "CddbMusicIDNSWinamp.CddbMusicIDSettings.1"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NSV\shell\Enqueue\ = "&Agregar a la lista de Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.NSA\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B29AB5C-52CB-4A36-9314-E3FEE0BA7468}\ProgID\ = "Elevator.WFileTypeRegistrar2.1"	Elevator.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{fe4c8bff-961f-42c2-bad8-808f76edde15}\TypeLib	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.m3u8\ = "Winamp.PlayList"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03396E62-5ABB-4E75-AF96-5CC6171354BA}	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{bf1caa94-1d1c-4ae7-b94c-10fdc05f493d}\ProgID\ = "CddbPlaylist2NSWinamp.CddbPLGenRank.1"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.IFF\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4997bae9-4015-4030-80aa-1477ce28e66c}\ProgID	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{57B9551A-A3EA-484D-8FC6-1B4EC7D2420D}\ProxyStubClsid32	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.FLV\shell\open\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.OGG\shell\ = "Play"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.PTM\shell\open\DropTarget\Clsid = "{46986115-84D6-459c-8F95-52DD653E532E}"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\feed\ = "URL: RSS Protocol"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3FFD3787-FE3A-4F44-BE99-4289875EB925}\TypeLib\ = "{7919D0CA-3043-4C02-B778-AB2BF4931F58}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP1\shell\open\	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SD2\shell\Enqueue\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RMI\shell\Enqueue\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39c806ec-eb0a-4f6e-b40d-c41d92281b5e}\ProgID	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D79FFAF8-1BC2-4BDE-B5F7-1BAA899865D2}\TypeLib	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP3	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP4\DefaultIcon\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe,1"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{92892C0B-8DA6-49DF-B484-D5571C7E48CD}	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RMI\shell\open\command\ = "\"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\""	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RMI\shell\Enqueue	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.RMI\shell\ListBookmark\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.okt	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControlNSWinamp.CddbWMATag\CLSID	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15D93D1E-50F1-444C-9E76-E4C8ACA0A29D}\TypeLib\ = "{7919D0CA-3043-4C02-B778-AB2BF4931F58}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.SkinZip\shell\ = "Install"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA3218D8-A65C-4A29-8690-1E5B75DBF3B8}\TypeLib\ = "{65EBA1D4-45E2-4EC5-A7FF-CB7E14659C77}"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D951C2E-56FB-4E0B-903C-FE738DA573C1}\TypeLib\ = "{7919D0CA-3043-4C02-B778-AB2BF4931F58}"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AAC\shell\Enqueue\command	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AAC\shell\ListBookmark\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20D2984F-0D6D-49F9-AA80-36030CEF0A42}\TypeLib\Version = "1.0"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4B3BE7EE-9A6E-4276-8701-3A85F5D9E3C5}\TypeLib\Version = "1.0"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CA4E0490-7ED8-44A5-9ECD-D00B90DBE808}\TypeLib\Version = "1.0"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E0D26898-F166-4F42-9A6A-5D2E346ED6ED}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VLB\shell\ListBookmark	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.M4A\shell\open\	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49D2A10D-A5F3-4BD0-9C15-6B2B94F16593}	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP1\shell\Enqueue\DropTarget	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.WAV\shell\Play\ = "&Reproducir en Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP1\shell\ = "Play"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.VLB\shell\Play\ = "&Reproducir en Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mat\ = "Winamp.File.MAT"	winamp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SD2	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mtm\ = "Winamp.File.MTM"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.SWF\shell\Play\ = "&Reproducir en Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pcast\shell\open\command\ = "C:\\Program Files (x86)\\Winamp\\winamp.exe /HANDLE %1"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{05D652C1-7997-40F9-982D-347B8E29F8FB}\1.0\FLAGS\ = "0"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43B1B346-2394-46E7-B1AC-EA8D93124F68}\TypeLib\ = "{05D652C1-7997-40F9-982D-347B8E29F8FB}"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.MP2\shell\ListBookmark\command	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Winamp.File.AAC\shell\Enqueue\ = "&Agregar a la lista de Winamp"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.nsv\ = "Winamp.File.NSV"	winamp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{623CE0D4-7B45-4B69-A28D-2401E7AA16D4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
912	ping.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3560	Setupprogram_01234.exe
3560	Setupprogram_01234.exe
3004	pxsetup.exe
3004	pxsetup.exe
2588	winamp.exe
2588	winamp.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3532	winamp.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3560	Setupprogram_01234.exe
Token: 33	3916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3916	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1376	Setup.exe
3532	winamp.exe
3532	winamp.exe
3532	winamp.exe
3532	winamp.exe
3532	winamp.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3532	winamp.exe
3532	winamp.exe
3532	winamp.exe
3532	winamp.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1376	Setup.exe
4588	Elevator.exe
2588	winamp.exe
3532	winamp.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 1376	3560	Setupprogram_01234.exe	74
PID 3560 wrote to memory of 1376	3560	Setupprogram_01234.exe	74
PID 3560 wrote to memory of 1376	3560	Setupprogram_01234.exe	74
PID 1376 wrote to memory of 4588	1376	Setup.exe	76
PID 1376 wrote to memory of 4588	1376	Setup.exe	76
PID 1376 wrote to memory of 4588	1376	Setup.exe	76
PID 1376 wrote to memory of 4288	1376	Setup.exe	77
PID 1376 wrote to memory of 4288	1376	Setup.exe	77
PID 1376 wrote to memory of 4288	1376	Setup.exe	77
PID 1376 wrote to memory of 4696	1376	Setup.exe	79
PID 1376 wrote to memory of 4696	1376	Setup.exe	79
PID 1376 wrote to memory of 4696	1376	Setup.exe	79
PID 1376 wrote to memory of 2352	1376	Setup.exe	81
PID 1376 wrote to memory of 2352	1376	Setup.exe	81
PID 1376 wrote to memory of 2352	1376	Setup.exe	81
PID 1376 wrote to memory of 1912	1376	Setup.exe	83
PID 1376 wrote to memory of 1912	1376	Setup.exe	83
PID 1376 wrote to memory of 1912	1376	Setup.exe	83
PID 1376 wrote to memory of 3004	1376	Setup.exe	85
PID 1376 wrote to memory of 3004	1376	Setup.exe	85
PID 1376 wrote to memory of 3004	1376	Setup.exe	85
PID 3004 wrote to memory of 3740	3004	pxsetup.exe	86
PID 3004 wrote to memory of 3740	3004	pxsetup.exe	86
PID 1376 wrote to memory of 912	1376	Setup.exe	87
PID 1376 wrote to memory of 912	1376	Setup.exe	87
PID 1376 wrote to memory of 912	1376	Setup.exe	87
PID 1376 wrote to memory of 436	1376	Setup.exe	90
PID 1376 wrote to memory of 436	1376	Setup.exe	90
PID 1376 wrote to memory of 436	1376	Setup.exe	90
PID 2588 wrote to memory of 3532	2588	winamp.exe	95
PID 2588 wrote to memory of 3532	2588	winamp.exe	95
PID 2588 wrote to memory of 3532	2588	winamp.exe	95
PID 2588 wrote to memory of 1272	2588	winamp.exe	99
PID 2588 wrote to memory of 1272	2588	winamp.exe	99
PID 2588 wrote to memory of 1272	2588	winamp.exe	99

C:\Users\Admin\AppData\Local\Temp\Setupprogram_01234.exe
"C:\Users\Admin\AppData\Local\Temp\Setupprogram_01234.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1376
- - C:\Program Files (x86)\Winamp\Elevator.exe
    "C:\Program Files (x86)\Winamp\Elevator.exe" /RegServer
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4588
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4288
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4696
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:2352
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxsetup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxcpyA64.exe
      "C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxcpyA64.exe"
      4⤵
      Executes dropped EXE
      PID:3740
- - C:\Windows\SysWOW64\ping.exe
    ping -n 1 -w 400 www.google.com
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:912
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Program Files (x86)\Winamp\winamp.exe" "/NEW /REG=S" "C:\Program Files (x86)\Winamp" 1
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:436

C:\Program Files (x86)\Winamp\winamp.exe
"C:\Program Files (x86)\Winamp\winamp.exe" /NEW /REG=S
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Program Files (x86)\Winamp\winamp.exe
  "C:\Program Files (x86)\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u8
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 1040
  2⤵
  - Program crash
  PID:3648
- C:\Program Files (x86)\Winamp\plugins\reporter.exe
  "C:\Users\Admin\AppData\Roaming\Winamp\Plugins"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Winamp\Elevator.exe

Filesize
90KB

MD5
5e90e4e003ff75b207d956227c8db1fc

SHA1
e05c30b4e1dd22afae5fe0a117e62ee69af878fc

SHA256
35f2265273b38d3f81d6ef07f57bc20fca07f62687445aab6651c141157cb519

SHA512
7dc765ebbdc8c707da12e4a321f80545def74cb93ee73c6545893a7366173ead0108292603856dcc6136bbc46550f73ecaf36553c12eff5ed32a391d1efe63ab

Download Submit
C:\Program Files (x86)\Winamp\Lang\Winamp-ES-US.wlz

Filesize
1.8MB

MD5
22a376599b2849f93c7253c100eb4331

SHA1
77b6e26057f1a693f8102d5d7a1198d6945ee12a

SHA256
443937635937f0fa82240d20a81477ccb97fb4956aa1049af3408477a4513b86

SHA512
61900ef01d4eb6e8945fdb341287c01d41e79f3dbcef57c59727eea19dc40ab37a4b1307cd483c4ba9b917b7ff4731cf879f42d3d54e027dc36ca436557549f7

Download Submit
C:\Program Files (x86)\Winamp\System\aacdec.wbm

Filesize
259B

MD5
1add8602b0fbaa04bf8d5d3dba1b5773

SHA1
c07d835ecd5066a13b56819a3e8499d5adf4064d

SHA256
53cab9e0cfafd16c6d0553f7d32cf847e2c3c2ca6c3b2026304c772f7860614d

SHA512
f57d10dc83ad2ad6e3761ff07047fb2dbb7ad9981675517dcca4f661de97e1c1a0c6d43f0320090cbebcab1b3e761acde37c047f8ebe455098f250331511cf3b

Download Submit
C:\Program Files (x86)\Winamp\System\adpcm.wbm

Filesize
90B

MD5
e429629d090e3b1ed4db75aee35efc96

SHA1
f37ad76303b6fbdfd4820a8a6386ca220932c70b

SHA256
fbd9d49c94d98f0de4d07370d94ad002a670c15937be86005c627f377174be85

SHA512
a3a97d6cb886bf7f0497548339b3f50d4e74989cc68f96deed7030d4e93c9804932ec1222aacb73e9fb372208425e73c531936aa9efc91fa6995e2e128b43ca2

Download Submit
C:\Program Files (x86)\Winamp\System\alac.wbm

Filesize
44B

MD5
6596ff2e19aa263adf10d3378ff0b78f

SHA1
b47c8381470092f730e578a8a9b847d301fe011b

SHA256
4b728d5a18f24095b5e2faa23406fdc5ed99f50a11be113422ef8a372399c4cf

SHA512
fe380383a41b50defd83041870f6b88813f6564c2bdbe01b34827cdb8f3f33dda056dfe105055ee0a12d8ab7f4233dd59538cf6af6e739367053a4b0120be383

Download Submit
C:\Program Files (x86)\Winamp\System\h264.w5s

Filesize
666KB

MD5
38303f39eb179ff6cab518e817e22cae

SHA1
b8d69a8513dbc8a3afdf959513022b30bf9c505a

SHA256
721d283dff6ac902ea86eae324fdc3deaaf45aa0e77e842f044c11683c31d80f

SHA512
8f3457c46dfc8aa09fab51d6411a5d7297ab9283de12967bce9626e764d7568ac1daba8b34c7a146232d09fada15b5f4c86613bd272b6763dd9d53c368e0a618

Download Submit
C:\Program Files (x86)\Winamp\UninstWA.exe

Filesize
349KB

MD5
2619a928c97440d70d36132b3991305b

SHA1
0df596ace9885dc136b2795bee2b4ff31ac23e9d

SHA256
49c5a6d8a624461410aa4ad0e5fa0388223d833fee151e48b28bbfa0f25fdd5a

SHA512
51e54cc00a1d330db7f9ca2df11ea864dcabd906ed424cd80de37ecc829b3afe89d468c61f65e6f6b0534d44418a5c63f5a55eb0dd9c591d0dd47756aeb16a4d

Download Submit
C:\Program Files (x86)\Winamp\jnetlib.dll

Filesize
607KB

MD5
792104d32753ab1011a7dc41c80cb504

SHA1
48314163f4815452b61c7069531a6faa02775bc9

SHA256
8d52761d0e9f753f05bb0dfb37d9fd14eba0af4023608012710ca0c3db79e444

SHA512
bb3ddc7eedf30e4776c06a667b0ff9aee2605cd32d8e0fee1f93839ff29075fe37713a2b74e5f6ec51c0bc7a6d44dd5f022e196f068f969cd75f14482c5be587

Download Submit
C:\Program Files (x86)\Winamp\libmp4v2.dll

Filesize
205KB

MD5
40bcb601ffc793df132ca679a7be3751

SHA1
612019f73365bb71ed37bc9db8ce4f74b79554aa

SHA256
9bcb761abe667618bfe3511f540d19167d649b6eed8bb4f84384f96c38791381

SHA512
87a9ffe04cab651599b9d99e009e2a849a18fab2cf448bbf19a5197f8c4aee398ea3b5fdf2c83838880eb00ac59ee9884d968f8d78e3368afba98162d6f7bbea

Download Submit
C:\Program Files (x86)\Winamp\nde.dll

Filesize
84KB

MD5
d1b7c43550af02cf4e9712b1c1a63cc3

SHA1
0f0d82a6b341dfce6fa4d2b93252faf46a211e19

SHA256
202e7e7e30965d970cb37462f0bd763551d757bdf35e04cdc78721559118a469

SHA512
22d45cfa22343d5b74101e91cacdeaa73d6520588a365b0667c61e8e82451e78c0624b021e7ce5421d449e5d33f7df15355e272defb9d70c1cdbb89f611760e7

Download Submit
C:\Program Files (x86)\Winamp\nxlite.dll

Filesize
28KB

MD5
f270d9dbf305256d0979841886f288a3

SHA1
6e85e6d9e80c97e2d85b1754170b4ff9e50fe6bb

SHA256
bdc9e1a1edf9d42ca846b67256fc30befdf63c69354dcb30046e594e347a39ac

SHA512
b5b139870ac0ed729d6281a47ad002af2ac9102624846f0ca9ea198322fc20db9825261d4b3df26833df93d1dab3a2dbb8896eea100d06c7bcdbbd5ed08ea1f2

Download Submit
C:\Program Files (x86)\Winamp\paths.ini

Filesize
30B

MD5
8ad85a252352aa655f18d1b9300667b1

SHA1
5d2939f3b6c29739303f2caa4560d1f5376309c6

SHA256
fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c

SHA512
aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525

Download Submit
C:\Program Files (x86)\Winamp\winamp.exe

Filesize
2.2MB

MD5
e000683011d966dd6cccf2bc3b6027c6

SHA1
7fea5c8039be8e5476c9322f14eadb9d855d1d72

SHA256
6760afda7a59a7dee557680e48a957cf1367ed04194808af61f779b7fb668850

SHA512
2dac85d626cb64b0ebc811b8d92d06503e06306df4830c562195a8116b25ae531bceedacb2b36487901454279cf4d9e328117f1133ea0fabff0a973ad7f4225f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WES92B1.tmp\freeform\Bento\window\config.png

Filesize
11KB

MD5
f1cb9b4927d7422dc92ca75a7487c9d1

SHA1
4b4b301ac4394a9afd99a98df671727e9e12fe9a

SHA256
f4a4cf784832613510f0b6c8f5831cac69351a17930e959dc04b2968c5415390

SHA512
5734ef04809780ccfab5f3806248ae01ba95db617f76b1f88fd4862e201cbd443b0546f029af469059236510596bf28f9536f04ad7aa0c77db94782fc7a2967d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WES92B1.tmp\freeform\Bento\window\controls.png

Filesize
5KB

MD5
890ba0f2b3b82d18a837d6c04a3e3781

SHA1
829d6ce0dd579a48fc28b0a72466f8c3180e257f

SHA256
f46c5cf893eb7dc6a59ebcf50f00d8de08df597fcb90ae4dfb7aeed96e27133e

SHA512
d229a06e97e556b08371d58975527f390ece15fd310858631db59244604e4684309de7e17883e89967d8d114d26ef5a5d689ea4d2d42793e259592ad703ec716

Download Submit
C:\Users\Admin\AppData\Local\Temp\WES92B1.tmp\freeform\Bento\window\window.png

Filesize
1KB

MD5
2a41e2f14321a33f140866d4652364a5

SHA1
0ad60c4850839047468f8d0be57f24bcb176bdec

SHA256
7b3708a4648cd960008c979a2e6c3c3c06cccb9a449c4e046967c9d27b42f84b

SHA512
332a2f89bf817a402b1d0963022e67c64aa7d08ee9892e1e6a329ea77d07c725c85c6fcff7c799b3c31c74c223f94d64d18883cf9317509c3dde8b33722476ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\WES92B1.tmp\freeform\xml\xui\browser\browser.png

Filesize
20KB

MD5
8b0fd638e2f340216aaa7986dab91a68

SHA1
6284bf8edbf03fa8fefeeaf0221e98f295ba856a

SHA256
b28dd330275a8d3cca8ef0492e64f9bbd638402647ef33de539ac7876e4dd124

SHA512
1abcfb23e187e27ebd4bf0365ef5392ad1af93d232803f43a2dcfbe7499955c58f2bcda6e66194b057612cd13f915399b6113c67dac294b7a1251e34cdfc40c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\WES92B1.tmp\ml_online.lng

Filesize
16KB

MD5
1f19640340e7c9683ec69fc8bcc0f075

SHA1
0c5973aedd13c0f0604a55c8637418176522df48

SHA256
b599bba0c898655f9be95d10cf640bef5764e11501d003ca1bf19c18a67373c2

SHA512
513c6bbccc0df5f05175f6fc5ad9d674c8a80d91ec569ded6fcf1fcde9800628f700089d3cf01481f85e9972d8721750cdaed0fdea544a2a451c3c23b70e9efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\PxCpyA64.exe

Filesize
66KB

MD5
08d51e037f487f9ca9fd0b0388f4c15a

SHA1
67188d670673a5e9185616923d1b1a8aa22ad8bc

SHA256
fbaa0fd8dae9bde80bfe497dca28c6fc9174c14b12ab93e3942fffa04e3db3cf

SHA512
a40bb551fa8a705a5ac2bdc02a17ebba1c6c70f9ffce38c668b07bc538dc4461658b0bf220e26aa1833f624009f417f05c44aa0ff81af59a5ada4f97dd99013d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\px.dll

Filesize
682KB

MD5
dbb66b386c194a58e29e49d7ebbebe65

SHA1
78dced6be8870938a2c8fefb1b5b884159e5fb21

SHA256
309a40e28271eee4e41cdb5cd1f83c0087702d42f9fc3a87d62f9f30dd53d68d

SHA512
6a49783c86f2bdb6cb522f0e53a6e653eccb89b1a2d0d800bfae499d304cad173f621d9dad7765a13848a1e8bc4da355d94fc1a4bbf2beb5c4d999ea79257764

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxafs.dll

Filesize
130KB

MD5
e66569100ada3821d49be51109fa111c

SHA1
da0d6e0d9073b7d384e410916ae0306e16eee23a

SHA256
b7c5e5cdb6bf6fc01d1823b6aa1b0fef62f1e594886e2797a00a03809589c0f4

SHA512
981128e378ff2c286ad0aa9ca0012fc72cace283b0bbe4bb21ec7429735ef0b4438a6c6ff8dd3ac11438e25af33162f320a085223d6fcc41f5a7b060d88efb8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxcpyi64.exe

Filesize
120KB

MD5
50a76d2d5e4be94556326c4bf748c758

SHA1
dd2188e2fde11b75fa73003bf7502515182d4c88

SHA256
1c0e698d620f3703f940baccbfecd883b5f5e46d2436f0c17cb0c6c99155a4ec

SHA512
f60decd858d2dce3d7d57f53e7a2f7f1090d2d5fffbb1abcfd37c67718ecc2c92bfd45a208a2ec93efa5e8fa9c33f29e84bc52891998195dda237d6f1ea971a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxdrv.dll

Filesize
558KB

MD5
8f6f3aa814143099b431744b16845664

SHA1
67f518591a1cbb954a031cc7421faa1aeb25651a

SHA256
7c9449c2e774087305a28117e47fa48bbf33638144e9694f20d20fb15065ac9f

SHA512
5fdd908862dcabc37a794d0f7fe134e6df9f34d0e52cc69a535c37872a4f2edb44e2448654b3832a11f41fd57be36f1ad0f863603d1f268f99c6180a3a48bcb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxhpinst.exe

Filesize
70KB

MD5
d2728a10ccd2a675638b016d47b1c254

SHA1
9311a83a94d7b5694109e0e9694eada76765caa1

SHA256
8ca37574a79fffe781375955362eca8ba4511593dce6672590be8c42a775f146

SHA512
a6a31019f560b69935f5873fabe192b5899785544b9cf3841c1a846740edc56b3ba5f396d43d104f51acfd59faa97121f104abf7e4ac4a3fef5539cbd85a9759

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxinsa64.exe

Filesize
66KB

MD5
6d3630b7f27b3643fde05d1088f84f2f

SHA1
be742991eac9c6c8b0674c4be1fbddd10f7b9d37

SHA256
573d87feddc84eba6b3450bf00ad7ddf498ca99cc8809359fa9bb60c7ac76f68

SHA512
48a218a270357d3513596d92410bc865ef51c3bda6bfe5f53251e2ca3a5ff6edb31d722ee50d6b85d4e3bc7094b956180bed88575eac226236b55d81e0528ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxinsi64.exe

Filesize
123KB

MD5
94f95be2a44c8291132d314582f141f8

SHA1
d5bb1a7519221964497560b579bb5c1f1ab30aef

SHA256
df83d7cb34c59e1406fb5bf1edd083f8bca649db97979c6debc3d3ab0e36b980

SHA512
4a726c8431d9722f1213659e3cf150cda5a0850bb874f0f7c4c280f6805a122d14882531e06b11cbcd36d8a9a741a67f12b46dd02933d00c65ad1e255e1ca1dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxmas.dll

Filesize
214KB

MD5
746833260d2123ebb46ff44afcb8103c

SHA1
54275329dbc8caafb8a4a61198cdaa0986756ee3

SHA256
6cc2fc325653f7fc8725808270792921423c7dffba4f4e5bfdf5d396f89c2d97

SHA512
a2a577a39ece8b3b1407b528b17a3088179bc5eec3e1a9b14270529f82f6175d9c950da957bf6d707c968e4395eb55464e08778bb887b2871351f5655507252b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxsetup.exe

Filesize
70KB

MD5
4ee24c7fd67b098431c951db7686bd19

SHA1
5b14bed150ea0bf619b938ce94b9f32b02a6aadc

SHA256
0f445c4b76bc309a940d5f4ba615bef1dcefbc0d160f3a8d06e0038160d9b4af

SHA512
7853bcd7482b85ab362935060506a1b44779946e9428838a1c95cc54fcbf94058ed9c2101b5c4e3114ed125b88692ed694b394ff94ecc8d88c39b57bb21f08f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxsfs.dll

Filesize
2.0MB

MD5
e5ae8bd7d28eb4bf87f9c56daa6d3e3a

SHA1
61b841bdc9006953d504c137d5d7d8e8602fb31b

SHA256
780e084efbe74ac28d8d91dfff1e3bef97ebda3c54c7bd5c8fbbed128f21ea7b

SHA512
4930e9e128f9e8b55657752b5a8b1aa82c252dbae6ed0fc5d3112e5be85f30e6381e514e668ce5eb5dba8177583151d89707410b102d4c6466424682bcbbf0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxwave.dll

Filesize
430KB

MD5
24fa4bccc5ac82f5471abd0e3c9cb878

SHA1
9d9caf552519395fc76c7b756532032686827586

SHA256
a90d09923443c749266f65797176d70235854b9157a023362701c0d8477b78f3

SHA512
5e05daf7eb1de0baad166758304a5450750a876d4f7a521215aad279a00dfbc34a96299389dc2f523b54a73894433ce35480f559ed04d10ccbb14b1c75111914

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\pxwma.dll

Filesize
58KB

MD5
cbaa54ae75a0b8430e6bb65c72c7683d

SHA1
5fdead1d32a164426c623f5b871bea3d547801f5

SHA256
4f69dbbad8775b22d328968461c0c7ae11fe902bb949e178bf1878009705d0ed

SHA512
18b51a143af0d7d279c961143c4e3b5a42d439f59d7cd495dda174e062f3b9981363c021e474fe7901ff4651a174883f748ca98766a12f08606378cca3c4f504

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\PrimoRedist\vxblock.dll

Filesize
98KB

MD5
ba8559b1de9e06e1ebc5b41138839fff

SHA1
b2eb5557c01a3731adc3e0539b9c9ba32329f35a

SHA256
ffa5a535493c11595b1edea75e67ddd6e26e587a27d36e06a499acfa0e0a002b

SHA512
3314838685b476cdde9f9eb5be4881b29494b04b3f93a544736a2cbe0716c03cdf7f38fa14cf3e68844495a5452dd00ac1ea335fdd030556dde4715826d50fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\install.ini

Filesize
1KB

MD5
4cb5d4c07b16dffd93de3fe3c106e552

SHA1
e6a4cbfb713c9b048f554264b36ad669ca2cdb0e

SHA256
7a98650a47286892b57b2a5f4c92ca187a965c6f08153f206ded5c72344c6e1f

SHA512
02b32554e33451f68eb9188c0acec5f6f3ba05a0a171c0ab37c76c277d81bb1c8390b00a70fb6d93d3267edfad26d71cd3a9aed103f301c6a96dc79bd7b6af9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\install.ini

Filesize
26B

MD5
385081d5feee87a4ed1a6e5dcee85f36

SHA1
8517162855b477e5498e95ff2e82584ef06d5c6d

SHA256
bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc

SHA512
52bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp122D.tmp\modern-wizard.bmp

Filesize
150KB

MD5
2d63e33fa1cf672338a22c88fa45e6a0

SHA1
86c510009d6c71d05eb2707fe6a10039df525192

SHA256
7ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292

SHA512
d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup.exe

Filesize
12.3MB

MD5
76954d7dbf005d6db5e38d64f25a8c20

SHA1
054ad10803aa95f512a2c56293be7d1a287696f7

SHA256
e9e2eb114941f9f9157b4fb139e5588665fb89b709df82d4a8346ae66ccf03e1

SHA512
49e77880255470096830059bda1baf1d955f7f33659118995495aa6a6e090e32c798a8568504f213a90c4d3c3c81db41c22c54359d0689adb7b233c96c4fff4a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

Filesize
884B

MD5
34596887db65b4d559bd92adbbd58eb3

SHA1
a610a496b41bc38bdb43e04b64c1e8ee2703fb8d

SHA256
b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566

SHA512
115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
85B

MD5
661f2206ac253963428371f575ce29e2

SHA1
a3ae20abb92b0a39f5be0e48387ff36c878d8999

SHA256
5eddd08dbbbb3f45bdbd18c5cb621e1d8b4f88961a51b25fb61c972887a20bae

SHA512
49a4ab478e326a5b820399c64169cf1a28bc1c7f00cc3a3c5b34b3e5f0553527087c4bd43eb2b4244202186f47e5ea969bf962290ce338f0e28b974d2af6d767

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
736B

MD5
e8e4de3ec9f89e77875156f283ba9fbb

SHA1
99ed568d5960daa45d2a1381bf4f5642d4dba246

SHA256
9398d8058d8b955148305fe2296561f738dc027ae6efedd8285a6933ba05151f

SHA512
322d8d1cd4eaf938e1534aad56f04c52f08a0d2bff17a79dabf91d5e59ce56d2d0b1118209fbb17a8c90dc2f57adca48201cf37c1521360082473fdb6d5913ac

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
127dfe62eacf7da57c6edc64d64a480d

SHA1
892bc38cb966d4ae6062bc3a1e1e1faab234bc17

SHA256
ce1c3e9df5eac18a0bd4e71e6315d24fe32036202c7383e917424a82391894c2

SHA512
082854e662d87b568aed47b3fe4c76d5567642aa2b53ba2dfdb476a653f0ac443d46db25e39bf74722853ec1dfb92e61f03b4e2f1845e578fce941145b924dbf

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
006b67edac514f0a64a915a4b5ee62be

SHA1
579e50972cb06cc3caa305c5d0c4b84fc18aafbd

SHA256
fdf0fa1886976ce1ab99939b287e66debd77cfaf274ba9bf31a33682a04fc84a

SHA512
8b7a84239f62b12952dd7dbf9f0db1a547a3e23e46e28e357a000465590abb94f5c1e2822357d0c0d55ccaed790772765bf2a1e7ba5dc304ed2590f33a55e581

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

Filesize
1KB

MD5
aed0c4116fcb601e145b8c4db9360f45

SHA1
c383546dac0f98bc76ae67d0c52e267ee923a96c

SHA256
b1a476a5ee90eb87af31f46ea09e347c53d5150a7a4c2b365d0a596df35155ae

SHA512
66ee563f191147b1285e48b9c8e317dde5b0a837539d6dc0f7f32a37ee92819ba4d1ef3cb71bc1928f1e290a9b4502f63a7236d725f07a861d036d31fd68725c

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat

Filesize
466B

MD5
aeed0f8f982ec0ab2b4d59e2738a2312

SHA1
e035eb99173faae8a403ce0a3c187583da1b00fe

SHA256
5680605ca88cf3c3066d79bf8ba94435e61c1e9e92929d905299741542079647

SHA512
d9d40cef12e03ec6ee08f3f512e8923602ada4e5a9c75b9751f11ec7765c3c05f4e71ac9d86d9715f2e9f913fbcfdbf9e10f91ea7f1da219addd0dbc68e78461

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.o1d00000DCC

Filesize
8B

MD5
76a66845f666c52790c3442f7e1a491a

SHA1
e392a609d9dc81fab060d8aece449fe616a40053

SHA256
101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a

SHA512
71a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
68B

MD5
d39305c16a773b222871032c4148600e

SHA1
196b2a21dabfd3d001e2c79f3fdc7c411c4ca261

SHA256
01786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29

SHA512
bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

Filesize
52B

MD5
5dc97ea81161b0668f0e990df136a2ef

SHA1
eeaa4074b0aa62296a702a827ca9eb97d1e2826b

SHA256
612dee1659afbf7d277a6e3283bcc75107610cc9c2b934288ea04b0bccd92405

SHA512
659ec5e24c1950a1aaa8708f15ed0102e0afa87174b95e92201749ecf114b91b853c9c819c6501fcc319caa4c430eabeefe69e72950881dc94456bdaa629c5d1

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx.o1d00000DCC

Filesize
32B

MD5
137faa0c3baa69f733eaadb966b64ade

SHA1
a55982685efc19bb0afffa2eb1f3750241480eb8

SHA256
9cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181

SHA512
b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\et9570.vmd

Filesize
910B

MD5
fa6b6eaa81a2662b8c45b126727ea832

SHA1
6087f9505d21819ed2f656517a0a13664aeead2b

SHA256
370be262ff415bed2a40f450f69dfce660e3e635af0924dca0c1f118e489c046

SHA512
f26688d6236021172c0f2d001e5636f018fef9ba7c7fadf688bd78fb1f9633c766cdf9ff2581997bc7af8a5ffd92da19cba699a46a64a555ccc0e7e57bd7b3c1

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met9580.vmd

Filesize
126B

MD5
2cdaffaec77db6248825896e5c424893

SHA1
fc8df8ddc7811bfcf8f426dce0316c7eb6366b69

SHA256
6217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961

SHA512
387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met958F.vmd

Filesize
116B

MD5
c386b2dab1e50ba2766d84fbff261563

SHA1
04689715512886016010a77f4cb1e6659e0df0b5

SHA256
ae6359b0c31c69599ebb789f3016908d680c7079d452c4648a3af0226b78a84b

SHA512
f67d207fad5f0a78d1c7e507257aa903704020f8339720c7e6e23e7d4699d084a57628703a0cd4f33b0460e5454a6d33b99c51f37e346a95504949ce30929723

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met959F.vmd

Filesize
125B

MD5
d39c2a872b313f71c47f6bef8a44b425

SHA1
fb0b1e55ba114f0ec0856cec44934c692690e487

SHA256
84f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae

SHA512
b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metA561.vmd

Filesize
116B

MD5
c83239613245411ebd5416fe69629720

SHA1
e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337

SHA256
a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1

SHA512
f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metB533.vmd

Filesize
127B

MD5
252e14c85c8b8288fda93614891308eb

SHA1
636d352077cab476c805fac2bc4ff58d83a14b99

SHA256
cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b

SHA512
7c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metC505.vmd

Filesize
103B

MD5
eebb8da8e062bd685542bffe0bb94e74

SHA1
75faddb50b83eae36988c1e3eab075fe8d5a3415

SHA256
ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18

SHA512
8a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.ini

Filesize
392B

MD5
aef9c47c671b4de2e3aee6f95d35dd59

SHA1
9bc17d77741da2def8f281a0d708aaee99c662f8

SHA256
8737b650d4e5d836980e3577351923de8beb6c9e65eab25dc27bd2ea7d784a3a

SHA512
5ff496c650bbbce00006c5de53021a34de675d2385807461ea79c97da3ae38da13b4dc363f9c4a654c36ff24494d8c0fee054b3d7ea085f6a816882faf9d43d6

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\Winamp.q1

Filesize
4KB

MD5
d24f1b829d1bd197e157b12d19c220e9

SHA1
555274f63e5b6ddbbd548179754fd0b2cbddf888

SHA256
58065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8

SHA512
55c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
432B

MD5
dcce0aa3903f9c3949b8330bfe7451d8

SHA1
a761396b073824a51f8813f73ad6e524677ec232

SHA256
2eaa93805f1efc96969a3ffb718089bc47f6c0fa560d145bc7e7cc6b7b33364d

SHA512
1e2322ac3ffdeef35cec5a6f4df876b8c1cb3f14c9e1aa9b27b8117a43ffbad8720352f6de93d84de59ce7087c9d71e7d6ad58cdd5d3f44b4efd8b63c199b858

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
455B

MD5
b8e0289a4921df330c9052d4b1e1cb23

SHA1
09f16e24c1c39d9346dd9873721a0cd09a4e22f6

SHA256
1258e470ff5638c44af499adf83be5800906da0c0f3835cc52016c68af12195e

SHA512
754992a618c125e46970474a300efd55e4a77bd7a49ac221d052566145bc89635db660122889d820625c94ae74acbe99a9f0ef943d10d5650e5a699bf9cf26e4

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
467B

MD5
c64105ecd02a80c56b93b022975ad80f

SHA1
e3c7ed1c0b08e6a4061998e1985d8bd3d2f74f5e

SHA256
8630dbe99407ae48ae874ba98d29fa733fdd7bd7a6f720c341eb93aed445cd2a

SHA512
2a064d41dd809ac121e1083221fda0590eaeb58f7bcd01220e5f0e45790b932730e5831e7a3f92bec998bb5ffc6350193078371118583e1e8ffb6e966120b8ad

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
873B

MD5
33e08f9c4af68e60b080256f2598867c

SHA1
38bf0422ed5c3a279dbd4ea10b38802305578810

SHA256
14fcc959ec8e0fa1f8277639084bae73b0951bbcea426764fcce2f860bf34225

SHA512
cc7adb080aecdc459fac3ce908ba72a52cd7784f1c04594b73b7c149e98c60700a85da905a9c35d462349f2463cd1e87ff2b143e964ff09aeb52b8e74906ac1d

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
1KB

MD5
61feb05e443ee94161704d36f13d57b1

SHA1
e4974b57d7c4a1a2c69215b2d48e74a6e791e3bb

SHA256
7f16611b6ad7a0f468b4b78de4a676afb75b1c4b57fe007b4ebcb9d1542285ef

SHA512
fea4eb960c39e53ea6ecbe7f049c39692cd8d81c763ce885dc53eb01661af352399100d560268bd7c119c7810ffe81cb78143120ece1caaab560d1d1d1f501e7

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
1878d4488247424e8f16932753a7b132

SHA1
3ac2c22da37e0e0ecc451f6989ecece67cbd2728

SHA256
2ec1092df98c4194ebbfc023678f8546153d5bbb3fe9bda342a6c1c1c72e4b8a

SHA512
69016fe9e57de21211936034436bf72dcd08ebe531e9173fcae0b79ae20df8d3e269b09dd51a9e655fa836c69dfa71fe312f0dd1ba066f2f5559ab1f74c714ce

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
abef410214296c0320af4b3ca250c13d

SHA1
4bada2b1af55defb36a4bbb68ce1f4c970892c04

SHA256
fed1a2357cd0e78335d69331e992333ea8d30a92c0f7ff876f9dfd5cb3981804

SHA512
2d724b45664dd0e5c09aa300d641df6fc7c7e3da5639078fb12817c84ccac6bb0fb90adbf5f84c6b17cfda08b0fb2e04ee5ae6fd3a3edbe06f9c57e6dd02a00c

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
b9fd1c9e597274b8790d4223b44015e4

SHA1
b4707204677351ab0d3eb8f88ca26f41eff5f6b4

SHA256
8eb60e4f50f5bdc3871dbc35f2f19c55b91f69cfd61f81292e1abf18de6f61db

SHA512
37dde4fd565310bfd2492146e521530f45ff4ead34fc951580a764c5e497b2a0132d45bc72618ba4b9a97d5eadce294608d769520c8517bf249cfb3de877f51e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
348fbe2774a26bfe03781ca94ae9f836

SHA1
d98090161dd901b3b3966d4f6c2344c7c97b844a

SHA256
dfee84f666a8b21f81770712118b5dd488955ec5dd84ba07f94c8cadf2bfe6ed

SHA512
b732e06dcd5e158445634dc1878cc4b6cc153658a4b4fa6285ff548588ecba96ff8534073405495bd884ef3a1f239d458fc882ed737e52e8b2254d3c3312996d

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
d283f553d1b4272db2d61229904ecca7

SHA1
21ecfaf89b120538fadc4facd5f1e6f2ff4fb90a

SHA256
a76a21a90f8024e7ed2bbf819f00101635013ce10a88d208c350aecfd9043b31

SHA512
aa10c5a5e9f3471d0d7f40b77c55dfd0d90e690097782b7135a3c42996e1571d4952dd9a5d617181ac2eabfe0d70775aecc663a960a98795e94e25fe33131b80

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
2KB

MD5
1ae7ac748ce853565c106c2c4957a751

SHA1
c704c848ffa2c4c8edf027736f80093ba6e32355

SHA256
76aec042705221d674d89ded5f33a581d39b9cabd4887de340c9d78465363cfe

SHA512
2e3e05234c8577c9055547798ae327faa70bad3e0e1d2acc75bf87ff86d7390dacaa5f88ab9fa8e1c8182c4d78841904b20d6703795ce6711aeab74bebc4533e

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
3KB

MD5
0c9bf6ccef494023e6ea39c30ce71c31

SHA1
71716b8843f96e264df74a3a674ae611c19a9d2c

SHA256
cada539ad9a6802ae3da89195ffebfa7c321a4c9c5c0377989ff1a6f0a0f9e30

SHA512
593c003226972130c3ec9d9e7f657f333418c5509f8c8594bf2ebeac51c1b3e0503c94fdce5f8e728255fb26446d81ac91c7096d5e397d86a815b8fb5cd356ca

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
4KB

MD5
3836cb9420dab433a7b042db12f922ef

SHA1
94d48707c8d1314883f95807e96cd64fbfcf53b5

SHA256
65c6079a665a97a4095262c8f2965da573b1365b9861abafe6ef2c16bffb6b81

SHA512
7823bd238dc30ed7ab855958efcce62af63ae0fee9171c48dcd8ebb47771198095f930b7b11c2791a97f7f39e490c0c0ee1bdf1526450ec2035cb93f1d728d99

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
4KB

MD5
4239bd8f58465f3a1b8e92dd29a28465

SHA1
d98c05129c05b8abc245260c85e2bb96b12efc7d

SHA256
9cfb090087cf47e0a6460159f0fc52367d1e045b189723ff6349c97798af507a

SHA512
12b3e769a195b94e4fb37c91d7c1d592d52f4ead0aa5ff77be2d163049a911b68bb8cb743cdfd0fa6ff7308aa554601afffcbecf8397a6df6b7de719b528c18b

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
4KB

MD5
c319eb4e282f0e98f12e6f2d1c73ec18

SHA1
e4d50dbdd5bebceeb29b0759cae8fa47e5300dc5

SHA256
530dd060950f0648ec954067db2a7f3b2c082f6036db602aaeedbaf0075fed0f

SHA512
af65b39aa017b79a7473d569a8fb21683188b8d9e908e3affa12f905cb2e7873a54e514322baeca21a5cf57a9f09089a01902babde2e9f32bfda0d31e20d7f50

Download Submit
C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

Filesize
56B

MD5
69c56e3d98acc64fd35ec6b2916db596

SHA1
cc9d47c9fed45c892578c04e080696ffc2ac0eab

SHA256
85b420b1faf6d7e70567eaf2b01eac6dcb78e02e2375956c317c8e98d6cbbad1

SHA512
234f0db4c217469ec585903915758c890b0040a97735574caa1d73cde68c0fe239b58ce60720a16ee136c14ef0977af894167d12488af5993cd7514d9d79ce8f

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CDDBControlWinamp.dll

Filesize
1.5MB

MD5
72ab7ff3886957602a68b3d89bde44fa

SHA1
91365edba7dc4aae61edf0c5a16705552e668b6f

SHA256
025ee64129129e7e6bff4c0769cf93e00e095b752299e7d633de5d9c261e173b

SHA512
ac1b58c308bcebe6c4b4672b5a4aa14cd1d3a923c80ac495f4d42aab45db0d085ddbf51111f3045bbdc74d1456f642f62775362cf3d132c1b6aaae0c47663c35

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CDDBUIWinamp.dll

Filesize
1017KB

MD5
ac5430ae266925bb85d2d5800d03c262

SHA1
b9a86664a0fac9b79c162587a203674bc6ae9191

SHA256
fb4211686c2ddba152cbc239ef8b630c5d2a8c05e9056d4c797cd0ddb200e9e4

SHA512
3992049fe87785c6827fa35b271c37696733b362bf276d5098b0e1befe6c217ee7847d1256dedc1fbbb2d608e7cc195e9229dbde7519615127b7f361edd8a15b

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CddbMusicIDWinamp.dll

Filesize
905KB

MD5
37ffbcbc724d72a49248cd6df27cea84

SHA1
7ee0fa08510f549d9ad7538416e0e19bdf911ad8

SHA256
98a8b5ce8023885391bd4be08781deb141479eaae5c70e264eac2d6c2da54f7c

SHA512
b6fc63a76321e241547061a876f50f5b99e68880f6ba4af3d66656354cf827d99f07d38ffab6764c83c5ab1f35748876077af04743d747df3a3a5f86314a69e1

Download Submit
\Program Files (x86)\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll

Filesize
1.1MB

MD5
7c7f404f3923a9346978be902e2257de

SHA1
c1f41edfb4af754db2e2679a8ae40d3b1a9075b9

SHA256
1239b23e01467f6fdc2a0dd109c5713588fe77a4d206d60dfb3712e08d1dc3d5

SHA512
c60806b31bcb314c4d6e3e4ddd394752a665d16ee223359677e6d08dbf288aef88967a4aea46efbe28600f35f7abc5b6267a6c69820a29ce3f9f2e805fbcc477

Download Submit
\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

Filesize
50KB

MD5
41b366ede1fbc0934ab725b98028dd09

SHA1
ba6790ebb79145bc35af7f1a197cc1f2048457f7

SHA256
4b561f368f71f524a1fd5b12f3b74d88e9baa89a9cf6e59128e6977fc47762c1

SHA512
1bbd61391db3e2c96c9140bf3a62a1fa0d2b1dd91e8240c62bec9be62e1f74007e42d5274100280fefc0bd7127ec993edb62ecfd3b159a8ba13b4d451dbfdeb6

Download Submit
\Program Files (x86)\Winamp\System\albumart.w5s

Filesize
25KB

MD5
3fdfdcd756afba33849d8b7684fe77e7

SHA1
1c06b7c06082f217b96277b3962e7e021e7685df

SHA256
93aabe12b37713acba5c7c94b30d3892e539683df69af7cc73bc1bf2551cf24a

SHA512
a1677d97d6ce58c076938d988367cc4f95c575cc6931b046dd7435cdf135b173aa69280957119b1ce8370382ad832f36ef758723782f2c1d16b47f013defdd41

Download Submit
\Program Files (x86)\Winamp\System\auth.w5s

Filesize
166KB

MD5
dcd7d62e2dbcdd7d7b90b18a7b6184ed

SHA1
4b6f23e077651e3cd5648d30e7d54bf274e5d452

SHA256
c00175ca500e434592cf16a6b3dbf6b02dad2b26150660fd22c5198c21b0fc7f

SHA512
dff9bb0a14b80e1fcb516e8ee7b9af7685ad7b5d52a7fd632e789424072ba8bd54613065c79311f752c47e7a59450dc7118ada48a56ea85debfde9c1df28b9c3

Download Submit
\Program Files (x86)\Winamp\elevatorps.dll

Filesize
50KB

MD5
c990acb402c04bd44319183198c748f3

SHA1
d20358545f8148394a1205f63d6bfa3bcb950f28

SHA256
fde86abbc080ce9dc48975100ad908b05a53e5c1026e34d064f3245a01770fbb

SHA512
86c5c5027e9e4571888d5edef060eb71fe1a2a365c5f2933ae95f263a188f2256d9f9e7182616e53146455f81892f1a923da2c2e10937de06f888d6d2bc8dd70

Download Submit
\Program Files (x86)\Winamp\nsutil.dll

Filesize
409KB

MD5
cdc510af97cee27fe9b7f6e79321960d

SHA1
7a676c673e46a6bb33edd35bb8051dc8428a39e4

SHA256
714149e044c0b1598d50b0de75f0e6c7b6b4b879a4d8fb195243e68758cf3f84

SHA512
4bd33b051d8a0ea158ae665323383d4ad326a6f7693fcd02aa6b4a6f6dc6ea28b75c26f394710668bba50a46cf4896eb173b664183389a95ababb4aa0e68207b

Download Submit
\Program Files (x86)\Winamp\tataki.dll

Filesize
86KB

MD5
54784a40c6e296df888635fafdc199c3

SHA1
863c0ee77db87557f39762e82d305d5bdc36fc91

SHA256
081220e46b00d9d1671f15658b6a9df7504223f514b03a593e5b9c56c68f135c

SHA512
5ae6bd6fce3d6f346409624a4229ec60fba113715d4ac17fc3f72c557a0b00b51de601bc44f214e39549e29d085e9acccc8aa5bc5acbe89638f1358fdc5d69c2

Download Submit
\Program Files (x86)\Winamp\zlib.dll

Filesize
43KB

MD5
dc5f4a3ef0c9a72118882f70263a0882

SHA1
2f386dacfc412c5951698260fba10dfaf1b19ff8

SHA256
6ec25680a10a0df7ba353705a0c32b4470758390f6c9b2afef98862dff4a8779

SHA512
cfdbf20adaf1255ca73f2be15d2e6007440cee15e930d6b1ea085cf1e89e1d1bd4a67a7bfec02bff61e3abe0c5659b67c5ee28637968c9e0dfc5304e5a741652

Download Submit
\Users\Admin\AppData\Local\Temp\WES7B8F.tmp\ombrowser.lng

Filesize
10KB

MD5
01891b473049ce79da02069c94bcf13b

SHA1
0409c3a0e83934fccc66bb3f145f5b19d1259db9

SHA256
7b46de4ace361780527e799e6338405a2abfe21b74174dc739a19d1b11e69615

SHA512
173efed2cca628a7a5f8731bea502ff53eb4420daa81848cbcfa097f62c451f3857364a010282515ca3466ca25fa3f6840d79058facd3a61676e0e7397701cd6

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\Dialer.dll

Filesize
3KB

MD5
61b40a89c8b94ad6355262e118c8420c

SHA1
6b8fcae8baf661e115763cec2d69db7a6b767030

SHA256
4e63d7b877a7e8889b6cd7bebc1dec767bff0f5bd41d8936d4a5b29d934ea4c5

SHA512
77f7e3cdd2f2ec3a2cf619afec6438e0966a2f0d43539d62e9cd8e2acce56322e2dfa2f747937c3d62346640fb64e1176b52a329027a5a0569e0f05ceeb7a126

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\LangDLL.dll

Filesize
5KB

MD5
a1cd3f159ef78d9ace162f067b544fd9

SHA1
72671fdf4bfeeb99b392685bf01081b4a0b3ae66

SHA256
47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

SHA512
ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\SHELLD~1.DLL

Filesize
4KB

MD5
9c266c2dc7eca5bcab2d8df4990e0c1f

SHA1
662da3d9ca18aacdbaef884065fbfffdfacfabfa

SHA256
ea7800b89e49e7d7214c1405b4906f366096dfadff28d0732acb90ab2e9a99bd

SHA512
e9318db79b02df6b3b72ed16c5d70e4b46bab71f31544ce0323cd6dae739be1948a9d3a468977d703576d7f33580e3be5d1d1ace1fb29cee9dfe325c6e828139

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\execDos.dll

Filesize
5KB

MD5
0deb397ca1e716bb7b15e1754e52b2ac

SHA1
fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

SHA256
720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

SHA512
507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\nsDialogs.dll

Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
\Users\Admin\AppData\Local\Temp\nsp122D.tmp\nsis_winamp.dll

Filesize
4KB

MD5
1e1ded1cf1c69852f2074693459fb3b5

SHA1
81b165cae4d38a98760131989fdd8aed2c918679

SHA256
5946278545abbd0b0f5188752fe095e200c85abe0783632a00726d090c0753ec

SHA512
a6f9a43d4432658c3504629e9209ad350af69eff542d139e0ccfe0dbf8662f15034edd3cf8b56d606a740b66c8221cafad999088a4e64a4c9c9fb47793a19f96

Download Submit
memory/1376-2133-0x00000000045C0000-0x000000000474D000-memory.dmp

Filesize
1.6MB

Download
memory/1376-2142-0x00000000045C0000-0x00000000046BF000-memory.dmp

Filesize
1020KB

Download
memory/1376-2157-0x00000000045C0000-0x00000000046A3000-memory.dmp

Filesize
908KB

Download
memory/1376-2167-0x00000000045C0000-0x00000000046D5000-memory.dmp

Filesize
1.1MB

Download
memory/2588-3007-0x00000000035C0000-0x0000000003605000-memory.dmp

Filesize
276KB

Download
memory/3532-4080-0x0000000008210000-0x0000000008255000-memory.dmp

Filesize
276KB

Download