Resubmissions

17/11/2024, 15:11

241117-skp3lasere 8

Analysis

  • max time kernel
    58s
  • max time network
    62s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    17/11/2024, 15:11

General

  • Target

    Setup_10024.exe

  • Size

    66.5MB

  • MD5

    a9dfcaf306acbfffcfa73dd2447817c1

  • SHA1

    2cd707c6a9d1f7860edeccb3caf40f92777c7cd0

  • SHA256

    e54b941d2033722df7463bcd9f3ab3e909fc16254721c0455d6214f28a2150c8

  • SHA512

    60e9269d57845656f92f5aa206be75b22974107693a3b87bfb261bfe0a3b7451eb9381341971816de61f646ec80a4746f63ab8e7b1fd31f9b9c671647a51e94f

  • SSDEEP

    393216:gHHFEHHp1UNNtUWnYv3QYDez3QzCQSPIaXSz69II65rUV4:r1UNNtUWnw3ivhdS+9Ix5rUV4

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 5 IoCs
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 15 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Modifies registry class 64 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_10024.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_10024.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Winamp\Elevator.exe
        "C:\Program Files (x86)\Winamp\Elevator.exe" /RegServer
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2656
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=TCP new action=allow enable=yes
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2504
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=TCP
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2672
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram program="C:\Program Files (x86)\Winamp\winamp.exe" name="Winamp" mode=ENABLE scope=ALL profile=ALL
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2980
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall set rule name="Winamp" dir=in program="C:\Program Files (x86)\Winamp\winamp.exe" profile=private,public protocol=UDP new action=allow enable=yes
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2816
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="Winamp" dir=in action=allow program="C:\Program Files (x86)\Winamp\winamp.exe" enable=yes profile=private,public protocol=UDP
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1188
      • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxsetup.exe
        "C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxsetup.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:872
        • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxcpyA64.exe
          "C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxcpyA64.exe"
          4⤵
          • Executes dropped EXE
          PID:1280
      • C:\Windows\SysWOW64\ping.exe
        ping -n 1 -w 400 www.google.com
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:876
      • C:\Windows\SysWOW64\ping.exe
        ping -n 1 -w 400 www.yahoo.com
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2432
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\SHELLD~1.DLL,RunDll_ShellExecute "open" "C:\Program Files (x86)\Winamp\winamp.exe" "/NEW /REG=S" "C:\Program Files (x86)\Winamp" 1
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2704
  • C:\Program Files (x86)\Winamp\winamp.exe
    "C:\Program Files (x86)\Winamp\winamp.exe" /NEW /REG=S
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Program Files (x86)\Winamp\winamp.exe
      "C:\Program Files (x86)\Winamp\winamp.exe" /NEW C:\Users\Admin\AppData\Roaming\Winamp\winamp.m3u8
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2184
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x574
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1152
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2056

    Network

          MITRE ATT&CK Enterprise v15


          Downloads

          • C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll

            Filesize

            50KB

            MD5

            41b366ede1fbc0934ab725b98028dd09

            SHA1

            ba6790ebb79145bc35af7f1a197cc1f2048457f7

            SHA256

            4b561f368f71f524a1fd5b12f3b74d88e9baa89a9cf6e59128e6977fc47762c1

            SHA512

            1bbd61391db3e2c96c9140bf3a62a1fa0d2b1dd91e8240c62bec9be62e1f74007e42d5274100280fefc0bd7127ec993edb62ecfd3b159a8ba13b4d451dbfdeb6

          • C:\Program Files (x86)\Winamp\jnetlib.dll

            Filesize

            607KB

            MD5

            792104d32753ab1011a7dc41c80cb504

            SHA1

            48314163f4815452b61c7069531a6faa02775bc9

            SHA256

            8d52761d0e9f753f05bb0dfb37d9fd14eba0af4023608012710ca0c3db79e444

            SHA512

            bb3ddc7eedf30e4776c06a667b0ff9aee2605cd32d8e0fee1f93839ff29075fe37713a2b74e5f6ec51c0bc7a6d44dd5f022e196f068f969cd75f14482c5be587

          • C:\Program Files (x86)\Winamp\nde.dll

            Filesize

            84KB

            MD5

            d1b7c43550af02cf4e9712b1c1a63cc3

            SHA1

            0f0d82a6b341dfce6fa4d2b93252faf46a211e19

            SHA256

            202e7e7e30965d970cb37462f0bd763551d757bdf35e04cdc78721559118a469

            SHA512

            22d45cfa22343d5b74101e91cacdeaa73d6520588a365b0667c61e8e82451e78c0624b021e7ce5421d449e5d33f7df15355e272defb9d70c1cdbb89f611760e7

          • C:\Program Files (x86)\Winamp\paths.ini

            Filesize

            30B

            MD5

            8ad85a252352aa655f18d1b9300667b1

            SHA1

            5d2939f3b6c29739303f2caa4560d1f5376309c6

            SHA256

            fb7293e289aa918d2cbc3c362cea48dd061b0e12616924460466f26df28ff05c

            SHA512

            aa3c14551846a2a89b7c4ecbb9ac63e3c83501de5e088634c77e92ffd068a0aa547ad5c0d06890b553469013ff0de0dfe2058de86677966ace9c4d0b8c7b5525

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\px.dll

            Filesize

            682KB

            MD5

            dbb66b386c194a58e29e49d7ebbebe65

            SHA1

            78dced6be8870938a2c8fefb1b5b884159e5fb21

            SHA256

            309a40e28271eee4e41cdb5cd1f83c0087702d42f9fc3a87d62f9f30dd53d68d

            SHA512

            6a49783c86f2bdb6cb522f0e53a6e653eccb89b1a2d0d800bfae499d304cad173f621d9dad7765a13848a1e8bc4da355d94fc1a4bbf2beb5c4d999ea79257764

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxafs.dll

            Filesize

            130KB

            MD5

            e66569100ada3821d49be51109fa111c

            SHA1

            da0d6e0d9073b7d384e410916ae0306e16eee23a

            SHA256

            b7c5e5cdb6bf6fc01d1823b6aa1b0fef62f1e594886e2797a00a03809589c0f4

            SHA512

            981128e378ff2c286ad0aa9ca0012fc72cace283b0bbe4bb21ec7429735ef0b4438a6c6ff8dd3ac11438e25af33162f320a085223d6fcc41f5a7b060d88efb8e

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxcpyi64.exe

            Filesize

            120KB

            MD5

            50a76d2d5e4be94556326c4bf748c758

            SHA1

            dd2188e2fde11b75fa73003bf7502515182d4c88

            SHA256

            1c0e698d620f3703f940baccbfecd883b5f5e46d2436f0c17cb0c6c99155a4ec

            SHA512

            f60decd858d2dce3d7d57f53e7a2f7f1090d2d5fffbb1abcfd37c67718ecc2c92bfd45a208a2ec93efa5e8fa9c33f29e84bc52891998195dda237d6f1ea971a0

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxdrv.dll

            Filesize

            558KB

            MD5

            8f6f3aa814143099b431744b16845664

            SHA1

            67f518591a1cbb954a031cc7421faa1aeb25651a

            SHA256

            7c9449c2e774087305a28117e47fa48bbf33638144e9694f20d20fb15065ac9f

            SHA512

            5fdd908862dcabc37a794d0f7fe134e6df9f34d0e52cc69a535c37872a4f2edb44e2448654b3832a11f41fd57be36f1ad0f863603d1f268f99c6180a3a48bcb5

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxhpinst.exe

            Filesize

            70KB

            MD5

            d2728a10ccd2a675638b016d47b1c254

            SHA1

            9311a83a94d7b5694109e0e9694eada76765caa1

            SHA256

            8ca37574a79fffe781375955362eca8ba4511593dce6672590be8c42a775f146

            SHA512

            a6a31019f560b69935f5873fabe192b5899785544b9cf3841c1a846740edc56b3ba5f396d43d104f51acfd59faa97121f104abf7e4ac4a3fef5539cbd85a9759

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxinsa64.exe

            Filesize

            66KB

            MD5

            6d3630b7f27b3643fde05d1088f84f2f

            SHA1

            be742991eac9c6c8b0674c4be1fbddd10f7b9d37

            SHA256

            573d87feddc84eba6b3450bf00ad7ddf498ca99cc8809359fa9bb60c7ac76f68

            SHA512

            48a218a270357d3513596d92410bc865ef51c3bda6bfe5f53251e2ca3a5ff6edb31d722ee50d6b85d4e3bc7094b956180bed88575eac226236b55d81e0528ec1

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxinsi64.exe

            Filesize

            123KB

            MD5

            94f95be2a44c8291132d314582f141f8

            SHA1

            d5bb1a7519221964497560b579bb5c1f1ab30aef

            SHA256

            df83d7cb34c59e1406fb5bf1edd083f8bca649db97979c6debc3d3ab0e36b980

            SHA512

            4a726c8431d9722f1213659e3cf150cda5a0850bb874f0f7c4c280f6805a122d14882531e06b11cbcd36d8a9a741a67f12b46dd02933d00c65ad1e255e1ca1dc

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxmas.dll

            Filesize

            214KB

            MD5

            746833260d2123ebb46ff44afcb8103c

            SHA1

            54275329dbc8caafb8a4a61198cdaa0986756ee3

            SHA256

            6cc2fc325653f7fc8725808270792921423c7dffba4f4e5bfdf5d396f89c2d97

            SHA512

            a2a577a39ece8b3b1407b528b17a3088179bc5eec3e1a9b14270529f82f6175d9c950da957bf6d707c968e4395eb55464e08778bb887b2871351f5655507252b

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxsfs.dll

            Filesize

            2.0MB

            MD5

            e5ae8bd7d28eb4bf87f9c56daa6d3e3a

            SHA1

            61b841bdc9006953d504c137d5d7d8e8602fb31b

            SHA256

            780e084efbe74ac28d8d91dfff1e3bef97ebda3c54c7bd5c8fbbed128f21ea7b

            SHA512

            4930e9e128f9e8b55657752b5a8b1aa82c252dbae6ed0fc5d3112e5be85f30e6381e514e668ce5eb5dba8177583151d89707410b102d4c6466424682bcbbf0ad

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxwave.dll

            Filesize

            430KB

            MD5

            24fa4bccc5ac82f5471abd0e3c9cb878

            SHA1

            9d9caf552519395fc76c7b756532032686827586

            SHA256

            a90d09923443c749266f65797176d70235854b9157a023362701c0d8477b78f3

            SHA512

            5e05daf7eb1de0baad166758304a5450750a876d4f7a521215aad279a00dfbc34a96299389dc2f523b54a73894433ce35480f559ed04d10ccbb14b1c75111914

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxwma.dll

            Filesize

            58KB

            MD5

            cbaa54ae75a0b8430e6bb65c72c7683d

            SHA1

            5fdead1d32a164426c623f5b871bea3d547801f5

            SHA256

            4f69dbbad8775b22d328968461c0c7ae11fe902bb949e178bf1878009705d0ed

            SHA512

            18b51a143af0d7d279c961143c4e3b5a42d439f59d7cd495dda174e062f3b9981363c021e474fe7901ff4651a174883f748ca98766a12f08606378cca3c4f504

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\vxblock.dll

            Filesize

            98KB

            MD5

            ba8559b1de9e06e1ebc5b41138839fff

            SHA1

            b2eb5557c01a3731adc3e0539b9c9ba32329f35a

            SHA256

            ffa5a535493c11595b1edea75e67ddd6e26e587a27d36e06a499acfa0e0a002b

            SHA512

            3314838685b476cdde9f9eb5be4881b29494b04b3f93a544736a2cbe0716c03cdf7f38fa14cf3e68844495a5452dd00ac1ea335fdd030556dde4715826d50fd8

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\install.ini

            Filesize

            1KB

            MD5

            129725b4e32e12724054f1d018a04e0c

            SHA1

            ce2197507e97999c19cc29d3ba1628d518585246

            SHA256

            090fcca9a97cccdc1bb7f592e993a1e03c5ae578fc8e22ed1eb514cbbdd1d21a

            SHA512

            0479a4fb2ce3c999f8d852ded96a7ae4485737aebb63a7b67fded04ff5712beb118484bf4c2a8de2fb9eab1260db28d4e1c8eb88bc255aa7267efdc1cafce1c2

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\install.ini

            Filesize

            26B

            MD5

            385081d5feee87a4ed1a6e5dcee85f36

            SHA1

            8517162855b477e5498e95ff2e82584ef06d5c6d

            SHA256

            bdc6fb93206c1e7a590f2d4e97d0dab7d3badaf8b4e1a7b8487e9cf59f05eddc

            SHA512

            52bcb1cdae8abbe4b14ff85b57e03426d61e5cb25b1535a827af526ec66c00ae0a327b187cd10279cf18c379c912d3e478ef9966bb497a8b626824fe32d1093f

          • C:\Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\modern-wizard.bmp

            Filesize

            150KB

            MD5

            2d63e33fa1cf672338a22c88fa45e6a0

            SHA1

            86c510009d6c71d05eb2707fe6a10039df525192

            SHA256

            7ae875cfcb6e3b1f4a06460fbda99d8014dc4674ee256b0b79ec656777c7e292

            SHA512

            d42a7401c1d0d77d517d2f8086286bd6cf487cf5400cd8b8d720bcaf15149727751677f444fd9a8e340072deabad51347956894c1c034dd81df793b3b8087252

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\feedback.ini

            Filesize

            884B

            MD5

            34596887db65b4d559bd92adbbd58eb3

            SHA1

            a610a496b41bc38bdb43e04b64c1e8ee2703fb8d

            SHA256

            b481b979a63b97651e2231b684e8d98f7c8a8e77163beeea49710a90da03c566

            SHA512

            115cee2deece2c0a5e83a68e14252272c9bdc2b8102fa33d21d56dd3db0bdf764b093fd4faca1afafcc3c92f8df065bd782c4d7b97c43a92b43b3761be3aa6dd

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

            Filesize

            85B

            MD5

            661f2206ac253963428371f575ce29e2

            SHA1

            a3ae20abb92b0a39f5be0e48387ff36c878d8999

            SHA256

            5eddd08dbbbb3f45bdbd18c5cb621e1d8b4f88961a51b25fb61c972887a20bae

            SHA512

            49a4ab478e326a5b820399c64169cf1a28bc1c7f00cc3a3c5b34b3e5f0553527087c4bd43eb2b4244202186f47e5ea969bf962290ce338f0e28b974d2af6d767

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

            Filesize

            1KB

            MD5

            ea88f208883a61145d61db8279eae5b3

            SHA1

            9940e3b818695d517b267ce6bc3230f96ee35663

            SHA256

            20b000356e443933ae9a2f38af6404227fa36f8186793d62d1078de1f942ca67

            SHA512

            0372e7ff31cc98ab7c6017a43bfe3fe43b786dbe3f479ee3cdce2bbfba701c91d367b37fae5a463a25f9c2deb9f180989e6f28e8d62862731deb30b806e252a3

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

            Filesize

            1KB

            MD5

            412475ef1907d32f51784154f6d0c8f1

            SHA1

            38f5ebb35a037481b32f3d5ff5912d08d63ff2bb

            SHA256

            e136890ebd7ee5e0df97329a5b1556b48b77b62e4b1a9f612c1acff6d77ba707

            SHA512

            f68af166b2dee91401e434164d045616777f1afb68d482295d6e64d0595b262bd4239e8a8a0118ae80adfd31647ecfa78e7cbdd7591e962c2b85ef2d2cdd044e

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

            Filesize

            1KB

            MD5

            6912e8fe99f846694bc8b592c13ec155

            SHA1

            d0c99287e7bc9d2da4541734dc55b37a4712b4d5

            SHA256

            357d2b35be8d16b9b43c59ef1f2f2447a84614ba9c97379db14aeb4c0bb66721

            SHA512

            339cd628c18c1ad3773cb78ebeef302b326aeacccab252e737029b2ed05b552f0900b2fa1d8dbb76cea30d07e9c2eed922f085437391692f4d3dba5c295b8368

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\gen_ml.ini

            Filesize

            1KB

            MD5

            ec6a2c2e5ded028cb262ba1016fac4fa

            SHA1

            8c095e0c56e0e64b83fe09fc60e67d56155a9d82

            SHA256

            a9f996a3bf5e70fa74605babee9cc802745021a606a2e6dc258eae681b1bf8be

            SHA512

            3eabbb812ab9d3c8436c41553c0697927c79bac9d56a8469d23834a2bfcff3369b4e31402cad3c9c069098cf7a9e959fc8fd58ee2b03ecefb65e2589edb7c251

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\ml_online.ini

            Filesize

            54B

            MD5

            869c023e6356f60322b9959002e199b0

            SHA1

            11f9f69683019566bdc932b2cdd8cc69fc6ad926

            SHA256

            be56a246bd91885254c46cd2b13bb2b1298a7810df495d4b5ad9e12e857b6aab

            SHA512

            58b089e54eb3bc7b2de61e9cd726a370289f0e8737c8bf56fc4513b250991b542b1a1ad5cb57a27133b741ac54301c3c9981f968caabac4815fbc48dff12cff3

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat

            Filesize

            466B

            MD5

            11bfa874196e18174379f536a52372e4

            SHA1

            bcb5bea02fce56d0b97b0a6d815e6e73ce72dd5e

            SHA256

            60d2d9bf9ba4c9787f9cdb23d657809685f14f739866c4ab1c64ced47ebc7737

            SHA512

            7cfd5ee948971e44af7c46338191c460a408f0e34212dca2be7ee3c937d06b14dbf656a9006410a00888bc82b34c76caa68adcb79b380a29b67190d19728e2f8

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.dat.o1d00000888

            Filesize

            8B

            MD5

            76a66845f666c52790c3442f7e1a491a

            SHA1

            e392a609d9dc81fab060d8aece449fe616a40053

            SHA256

            101f682d9c519400a4d36b6a09cf0dd39a9faab6353b3ce0eb2f071860b6d05a

            SHA512

            71a6ab36ebfb6ff89ec6fbedfd1982fe0fb7e8c76981d24467eb73a924dc96cc4a0483381beead6517f829fa8babead0176a8df229072040564e708d99b4c783

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

            Filesize

            68B

            MD5

            d39305c16a773b222871032c4148600e

            SHA1

            196b2a21dabfd3d001e2c79f3fdc7c411c4ca261

            SHA256

            01786514a6a5bb357099b7c11c23615c0e8e6e07aced1f3764f034b6a6be8d29

            SHA512

            bc16b755eb56da66ff8290d1498c9ebbe7a29e27c50a4326cf3cd9018d20c13bccb4d23e63429e07ac33e323ec19e11a69ad2e25c1b5a4a67341ea2019862093

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx

            Filesize

            52B

            MD5

            5dc97ea81161b0668f0e990df136a2ef

            SHA1

            eeaa4074b0aa62296a702a827ca9eb97d1e2826b

            SHA256

            612dee1659afbf7d277a6e3283bcc75107610cc9c2b934288ea04b0bccd92405

            SHA512

            659ec5e24c1950a1aaa8708f15ed0102e0afa87174b95e92201749ecf114b91b853c9c819c6501fcc319caa4c430eabeefe69e72950881dc94456bdaa629c5d1

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\recent.idx.o1d00000888

            Filesize

            32B

            MD5

            137faa0c3baa69f733eaadb966b64ade

            SHA1

            a55982685efc19bb0afffa2eb1f3750241480eb8

            SHA256

            9cc291dcb5847e7f0e6d4bf322164461c6607da934ce9d376c0e15f7ddd33181

            SHA512

            b6286a581aa3d1add62836804a1fc79a2399fd6fa7144945b47f2ff8c0ebe88af3f289bee95db0cae1aa7c532b487a4bb6a9e65710c581afa2b7f13989885d78

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\et7983.vmd

            Filesize

            585B

            MD5

            4e9180a184a1198d9594c98d4e01919f

            SHA1

            ddcb8d3490b1fa89abca6ff28e172fc9bd6a8fc7

            SHA256

            6b4104b26ba3333b9baf2738993a14c4f51fbc8b1dac8560095e00aeb24ca7b6

            SHA512

            43cc1bb4cd1d7c2615e8a259db6bbf915a1b9534f030d368d210ad2e866f24b31cfd17fae669e86a702faa16eac181bfc570a85d495686499b5ffe3559db682b

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\et7983.vmd

            Filesize

            910B

            MD5

            fa6b6eaa81a2662b8c45b126727ea832

            SHA1

            6087f9505d21819ed2f656517a0a13664aeead2b

            SHA256

            370be262ff415bed2a40f450f69dfce660e3e635af0924dca0c1f118e489c046

            SHA512

            f26688d6236021172c0f2d001e5636f018fef9ba7c7fadf688bd78fb1f9633c766cdf9ff2581997bc7af8a5ffd92da19cba699a46a64a555ccc0e7e57bd7b3c1

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met7993.vmd

            Filesize

            127B

            MD5

            252e14c85c8b8288fda93614891308eb

            SHA1

            636d352077cab476c805fac2bc4ff58d83a14b99

            SHA256

            cd160e25ecd10aeada7cbe1b0913b8dc8098d009e43b9a549765e0250531c81b

            SHA512

            7c5654607006bd1300874257f9c452b7e5aeaf90e4815ccfa0f195988f7d51dfb8dce68c71d15649242f8d05f970d67101917c4ddeef12ea05d39fa8aa1f293b

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met8955.vmd

            Filesize

            174B

            MD5

            9936bebab9c4e0e2aac7dceffc42dbac

            SHA1

            c1d2b8ceed49c904db7f174e06cc4e8ef851a87b

            SHA256

            ee730918e759544d7d087fe0b2e0aee12145ec36ecd4f4aced4336d85503a124

            SHA512

            16a5da57970c1d9b0e00bd8ac21ad53260b48db7b7b8bdb1953c625e8b6a9a132afa53fcb835163b73fe6a5dae40aa5ddffda9a11f42e8942c07b180363f2ff0

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met8965.vmd

            Filesize

            116B

            MD5

            c83239613245411ebd5416fe69629720

            SHA1

            e0b7924b12a88958fb9e18d5d8bdf1ed9ab84337

            SHA256

            a1defd5d6eed464399dc2a0f2c07d1f3a10e45963899ff4b824f748b690362d1

            SHA512

            f3d264e25bbceb2c58d741bfa16c35213df9a629ac59ef9a275c2ec60320b6580c6f1468627e966e14bc27695d9e157ce264a6259a4f78995e7fbe304d5e4528

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met9927.vmd

            Filesize

            126B

            MD5

            2cdaffaec77db6248825896e5c424893

            SHA1

            fc8df8ddc7811bfcf8f426dce0316c7eb6366b69

            SHA256

            6217223a02d019b85e566e2804ae6ae4dd3643c95578279a27909c9eedbdb961

            SHA512

            387e12cab715c8d9530b21725808c91bface84949f03d17312890464ec53ffbd79ce3a83685e0897e208a2e26e85c8296b848d91b0677df1bac446c229cfe05e

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\met9937.vmd

            Filesize

            103B

            MD5

            eebb8da8e062bd685542bffe0bb94e74

            SHA1

            75faddb50b83eae36988c1e3eab075fe8d5a3415

            SHA256

            ec58f79fffd619862667c1a7644ad34f76c4623f2b7857a5341640c893d4de18

            SHA512

            8a23a32b28a558e9a5d3a615d4412b768af8948f132b09e97ca121471db46693a4d05ce4df64f1ad951749d65c4d19000e08f7870d99eef9b90b62d2864f1bfa

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metA8F9.vmd

            Filesize

            116B

            MD5

            c386b2dab1e50ba2766d84fbff261563

            SHA1

            04689715512886016010a77f4cb1e6659e0df0b5

            SHA256

            ae6359b0c31c69599ebb789f3016908d680c7079d452c4648a3af0226b78a84b

            SHA512

            f67d207fad5f0a78d1c7e507257aa903704020f8339720c7e6e23e7d4699d084a57628703a0cd4f33b0460e5454a6d33b99c51f37e346a95504949ce30929723

          • C:\Users\Admin\AppData\Roaming\Winamp\Plugins\ml\views\metA909.vmd

            Filesize

            125B

            MD5

            d39c2a872b313f71c47f6bef8a44b425

            SHA1

            fb0b1e55ba114f0ec0856cec44934c692690e487

            SHA256

            84f5b0b1ecb3612db2d369b18c758cd0de8ad31b371943343fc5b776092fceae

            SHA512

            b21b234843480ade18abbfc1dcae5edd536def427bfbd39d0c384e439c2b0692d1654703e32b4648ffb6f719fc1236edbc588bffd242ea7792fbb41b82d65b7a

          • C:\Users\Admin\AppData\Roaming\Winamp\Winamp.ini

            Filesize

            293B

            MD5

            bc44647d4f52e067a3d61bcea14fe74e

            SHA1

            42e182ca102d903d987856141d523d336a0ebecb

            SHA256

            ccba000bbc7f9152001d5e7217d7bd614d7322328a5a46b69e4a726295fe285f

            SHA512

            e223f333632b3c883420474f687ed6a78a2fa54d8d7a66ea8febbed8465201fe0905cfb6db01880a048f5cf4d41c160f0374a7914cafe22c489c10fbf3ee74ce

          • C:\Users\Admin\AppData\Roaming\Winamp\Winamp.q1

            Filesize

            4KB

            MD5

            d24f1b829d1bd197e157b12d19c220e9

            SHA1

            555274f63e5b6ddbbd548179754fd0b2cbddf888

            SHA256

            58065811d8e881a5087af0c9a44d2baaa9628dc3cd1b1847533dad2c35a02cf8

            SHA512

            55c5c6bc1c466eebde84b98e024d774711bc1f1e32b28842d77eaea93dc030878e74012ea48179925313490b7c77d07383213ebb63d691228d2333e4217b33fc

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            333B

            MD5

            cdce0972140bdbb3a9dd317548149197

            SHA1

            dfbe1673d708ee75146eed957eca28a754ed5930

            SHA256

            52ea725a9f81894fe6320986557d51b40687479a7b933bebb43a9c912095ffb8

            SHA512

            f78394b3ee5552b25d9a75fe2e22b7a25121bd4e5f09a0b96dff647d91ba0fbbbcb509f171e2b186b44a8725a6b37c243520c3f3692011ec90e4238fc92dcefa

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            356B

            MD5

            f76efc12c9bcce9cc881575c96f052f9

            SHA1

            bc7390a7635b385b51456687558dc90bf032af37

            SHA256

            eed6c69c2b5c93c92d608e65bde3d0fb4f71bf701be9283072b88a5483d54ee6

            SHA512

            6b94615007ca2ed308e31ecacd11f6042038019daecdf9fb49cc7bf60c78b9749bccb809f3d91d6bc7487139c616bab961334de080063828867416728212a7df

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            1KB

            MD5

            80d68602177f04efc8c40dc8dd49263e

            SHA1

            2bab8d1aecd8c44a44a68c4a06876da1c9c9f96c

            SHA256

            a4dcc67fc9264261c503aa541a744dc902f41f95b6b282c57e489a5954b9e7bc

            SHA512

            07e9f56d317868988047b58317619d035ae828141bfb347bddaad6f8ca0fd209b96c45cc7c2645c67868f6b631b3ccbe970e003c292d45100cecca3edbe72594

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            2KB

            MD5

            d8212924840d3a3bccdfaf7f7b543ce6

            SHA1

            92dd07aab414a88552799a71ea10f35b29584586

            SHA256

            6a4b6c3c720a89f2b4e3d4abd4e93a234792be006a3ab6d95af1aa05cfdf9fd4

            SHA512

            6662a837f600918ec82947b198845f38eb890191609f6fcdb9365b542752b1313b4419a5bc8d90f25ad2a2c70512249b2207d39aa59e4400690ad5ecb4aec1c1

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            1KB

            MD5

            91556002d2ad06a9eb072230af74f0b4

            SHA1

            18a91faed752e330b631273eb31a7812186babcf

            SHA256

            385ccae65d6c67e66f8a514d227bd363d959a131e167e59969419f977c421f56

            SHA512

            f9cbd01f52724f38b864058400c3a292f833cb6046f5dc32d6a47da760e84c4ee7396f35da319b02f5465c932bc3f44fb921d996da2a64e8951c08103154838f

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            2KB

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            4KB

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            4KB

          • C:\Users\Admin\AppData\Roaming\Winamp\winamp.ini

            Filesize

            56B

          • \Program Files (x86)\Winamp\Elevator.exe

            Filesize

            90KB

          • \Program Files (x86)\Winamp\Plugins\Gracenote\CDDBControlWinamp.dll

            Filesize

            1.5MB

          • \Program Files (x86)\Winamp\Plugins\Gracenote\CDDBUIWinamp.dll

            Filesize

            1017KB

          • \Program Files (x86)\Winamp\Plugins\Gracenote\CddbMusicIDWinamp.dll

            Filesize

            905KB

          • \Program Files (x86)\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll

            Filesize

            1.1MB

          • \Program Files (x86)\Winamp\elevatorps.dll

            Filesize

            50KB

          • \Program Files (x86)\Winamp\nsutil.dll

            Filesize

            409KB

          • \Program Files (x86)\Winamp\nxlite.dll

            Filesize

            28KB

          • \Program Files (x86)\Winamp\tataki.dll

            Filesize

            86KB

          • \Program Files (x86)\Winamp\winamp.exe

            Filesize

            2.2MB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\Dialer.dll

            Filesize

            3KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\LangDLL.dll

            Filesize

            5KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\NSISdl.dll

            Filesize

            15KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\PxCpyA64.exe

            Filesize

            66KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\PxHlpa64.sys

            Filesize

            54KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxhelp20.sys

            Filesize

            44KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\PrimoRedist\pxsetup.exe

            Filesize

            70KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\SHELLD~1.DLL

            Filesize

            4KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\System.dll

            Filesize

            11KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\execDos.dll

            Filesize

            5KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\nsDialogs.dll

            Filesize

            9KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\nsExec.dll

            Filesize

            6KB

          • \Users\Admin\AppData\Local\Temp\nsuF5E5.tmp\nsis_winamp.dll

            Filesize

            4KB

          • \Users\Admin\AppData\Local\Temp\setup.exe

            Filesize

            12.3MB
