Analysis
max time kernel: 72s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
submitted: 22/02/2024, 18:49
Static task: static1
Behavioral task: behavioral1
  Sample: YNAB 4_4.3.857_Setup.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: YNAB 4_4.3.857_Setup.exe
  Resource: win10v2004-20240221-en
General
Target: YNAB 4_4.3.857_Setup.exe
Size: 20.2MB
MD5: a25c0a73350a99559f1e30c2f86ad0b9
SHA1: e537d5658b67739724e5ee38f9075b453052f1cf
SHA256: f3021e45c82d72bd139d86f6a68c96af201bedf53a373f183dca037003b9cdc6
SHA512: 7c5fc8e35fb0bb009c01fd9f4784bb2902b3298cd644fa8664c2fcfd44f2ad0dc0c20990f2d02408a1a3fdc9b8afcf80f433b8e23b9e988f5358266cf80a0de3
SSDEEP: 393216:GMBVYD1nCAMtsTDzoFYJ3wERZRdW/r7wPLSSkkUYkNMYlC7Ele8lW4a4oUJmGx9P:GMvYpAtsT3oiVfK/APLS/+u87we8UbU9
Malware Config
Signatures
Executes dropped EXE 6 IoCs
pid   Process
4784  YNAB 4_4.3.857_Setup.tmp
1140  YNAB 4.exe
848   YNAB 4.exe
2976  YNAB 4.exe
3352  YNAB 4.exe
3660  YNAB 4.exe

Loads dropped DLL 5 IoCs
pid   Process
1140  YNAB 4.exe
848   YNAB 4.exe
2976  YNAB 4.exe
3352  YNAB 4.exe
3660  YNAB 4.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in Program Files directory 26 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                          Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0             YNAB 4.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz        YNAB 4.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz        YNAB 4.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz        YNAB 4.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz        YNAB 4.exe
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0             YNAB 4.exe
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0             YNAB 4.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz        YNAB 4.exe
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0             YNAB 4.exe
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0             YNAB 4.exe

Modifies registry class 56 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs
description                        pid   Process
Token: 33                          2148  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  2148  AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs
pid   Process
4784  YNAB 4_4.3.857_Setup.tmp

Suspicious use of SetWindowsHookEx 5 IoCs
pid   Process
1140  YNAB 4.exe
848   YNAB 4.exe
2976  YNAB 4.exe
3352  YNAB 4.exe
3660  YNAB 4.exe

Suspicious use of WriteProcessMemory 6 IoCs
description                       pid   Process                   procid_target
PID 1224 wrote to memory of 4784  1224  YNAB 4_4.3.857_Setup.exe  88
PID 1224 wrote to memory of 4784  1224  YNAB 4_4.3.857_Setup.exe  88
PID 1224 wrote to memory of 4784  1224  YNAB 4_4.3.857_Setup.exe  88
PID 4784 wrote to memory of 1140  4784  YNAB 4_4.3.857_Setup.tmp  93
PID 4784 wrote to memory of 1140  4784  YNAB 4_4.3.857_Setup.tmp  93
PID 4784 wrote to memory of 1140  4784  YNAB 4_4.3.857_Setup.tmp  93

Processes
"C:\Users\Admin\AppData\Local\Temp\YNAB 4_4.3.857_Setup.exe"
- Suspicious use of WriteProcessMemory
PID:1224

  "C:\Users\Admin\AppData\Local\Temp\is-B56VB.tmp\YNAB 4_4.3.857_Setup.tmp" /SL5="$601DA,20782605,219136,C:\Users\Admin\AppData\Local\Temp\YNAB 4_4.3.857_Setup.exe"
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4784

    "C:\Program Files (x86)\YNAB 4\YNAB 4.exe"
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:1140

"C:\Program Files (x86)\YNAB 4\YNAB 4.exe"
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:848

"C:\Program Files (x86)\YNAB 4\YNAB 4.exe"
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2976

"C:\Program Files (x86)\YNAB 4\YNAB 4.exe"
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:3352

"C:\Program Files (x86)\YNAB 4\YNAB 4.exe"
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:3660

C:\Windows\system32\AUDIODG.EXE 0x3f0 0x504
- Suspicious use of AdjustPrivilegeToken
PID:2148

Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Filesize: 379B
MD5: 9a86aaaf3235a7fe0b85e4b3bf4cbdb9
SHA1: 5dd34ce2103ea948981cfa784cdd537246f7ef77
SHA256: 0fa298e52c17a5d4d382cdf71ae73dee9fc3251b4f2ecfde29ffa0986a76b142
SHA512: d3e9a03c28c8ddb313c5ba3f517c7bf59a05fd17befb810440d8e230e08b669d004ed46dfcc8f01dcd94347342d96c4d887c4cca2507d8953259001aaf5e200f