Malware Analysis Report

2024-10-16 03:33

Sample ID: 240324-t5svnage4x
Target: flash_decompiler.exe
SHA256: 8702aca7ecd0552f596d6af97c397ffead6302182d8c87ae8dd3feea9dd8a5b4
Tags: banload discovery downloader dropper evasion persistence trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 8702aca7ecd0552f596d6af97c397ffead6302182d8c87ae8dd3feea9dd8a5b4

Threat Level: Known bad

The file flash_decompiler.exe was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper evasion persistence trojan

Banload

Sets file execution options in registry

Registers COM server for autorun

Executes dropped EXE

Checks BIOS information in registry

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-24 16:38

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-03-24 16:38
Reported: 2024-03-24 16:41
Platform: win10v2004-20240226-en
Max time kernel: 149s
Max time network: 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-B5M02.tmp\flash_decompiler.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Users\Admin\AppData\Local\Temp\is-B5M02.tmp\flash_decompiler.tmp

"C:\Users\Admin\AppData\Local\Temp\is-B5M02.tmp\flash_decompiler.tmp" /SL5="$8021E,27643739,119296,C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-24 16:38
Reported: 2024-03-24 16:45
Platform: win7-20240221-en
Max time kernel: 172s
Max time network: 364s

Command Line

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

Signatures

Banload

trojan dropper downloader banload

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_176_ActiveX.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_176_ActiveX.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32\ = "C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\system32\Macromed\Flash\Flash64_14_0_0_176.ocx C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\system32\Macromed\Flash\FlashInstall.log C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.dll C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File created C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\FlashPlayerApp.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\Flash64_14_0_0_176.ocx C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\activex.vch C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\activex.vch C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.dll C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-CBQGD.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-ND7CN.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-S72C6.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tutorials\is-I761Q.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-LSEHO.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-OOPQ3.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-E34QC.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\swscale-0.dll C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\lame_enc.dll C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-IDD02.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-T5RF7.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-1EP9B.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-6FA1T.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-IIPLK.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avformat-52.dll C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avcodec-52.dll C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-DGLTQ.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-4F3C3.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-PP9CJ.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\AutoUpdate.dll C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-DNJQ8.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-6F3FU.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-29UJ7.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-9BEH4.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-HR8CH.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-7U39C.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-9N4D0.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-6IEE4.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-576VH.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-5NP77.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-I2EKG.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-6M6V8.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tutorials\is-4S5A9.tmp C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avutil-50.dll C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags = "65536" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/futuresplash C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy = "3" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/futuresplash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/x-shockwave-flash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags = "0" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName = "FlashUtil32_14_0_0_176_ActiveX.exe" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags = "65536" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/x-shockwave-flash C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath = "C:\\Windows\\SysWOW64\\Macromed\\Flash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath = "C:\\Windows\\system32\\Macromed\\Flash" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName = "FlashUtil64_14_0_0_176_ActiveX.exe" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib\ = "{D27CDB6B-AE6D-11CF-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.13\ = "Shockwave Flash Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.spl\Content Type = "application/futuresplash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32 C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ = "IFlashBroker5" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR\ = "C:\\Windows\\system32\\Macromed\\Flash" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\ = "Shockwave Flash Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.sol\Content Type = "text/plain" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D62F405A-97CC-641B-93FE-D85298F2F3AF}\ProgID\ = "MimeDir.MimeDirParser.1" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx, 1" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\0 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\ = "FlashBroker" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.14\ = "Shockwave Flash Object" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ = "Macromedia Flash Factory Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash\Extension = ".spl" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\Shell\Open with Flash Decompiler\command C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\ = "FlashBroker" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID\ = "ShockwaveFlash.ShockwaveFlash.14" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.sor\Content Type = "text/plain" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\ = "Shockwave Flash Object" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\ = "Shockwave Flash Object" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.11\CLSID C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID\ = "{D27CDB70-AE6D-11cf-96B8-444553540000}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\ C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\ = "Shockwave Flash Object" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version\ = "1.0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\Content Type = "application/x-shockwave-flash" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D62F405A-97CC-641B-93FE-D85298F2F3AF}\InprocServer32 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalizedString = "@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\ = "Shockwave Flash Object" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win64\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx" C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1460 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp
PID 3044 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe
PID 2636 wrote to memory of 2400 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe
PID 2636 wrote to memory of 2164 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PID 3044 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe
PID 1716 wrote to memory of 1516 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe
PID 1684 wrote to memory of 1692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1684 wrote to memory of 3028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0KJFT.tmp\flash_decompiler.tmp" /SL5="$70124,27643739,119296,C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe" /install

C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe

"C:\Users\Admin\AppData\Local\Temp\{AE602BAA-755E-4952-A10F-C7B665253118}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 1 -au 4294967295

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -install

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x544

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7139758,0x7fef7139768,0x7fef7139778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1116 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3240 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3680 --field-trial-handle=1376,i,3864942676887532823,17949295871608030053,131072 /prefetch:1

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe" "C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tutorials\fd_intro.swf"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe" "C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tutorials\fd_intro.swf"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 142.250.178.4:443 www.google.com udp

Files

SHA1 28f14f80826568c5598df625f5ddc432f7f5395c
SHA256 c453a4c20a60328a7be012518301804e052657447c79c081f97ae48d9741447c
SHA512 da51a9f10001aa27ecb335f6a50d43b38c86111ea42c1c6ef0992751d84383d4039a48b9f9a521e6fdddb74e545542ddab3a9723af1ccd407546ae739ae59d0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7cc4bc08c21d426d672ad0de68d08065
SHA1 69a88b507075d54140def7972598a3421c0f8489
SHA256 64f8b055ba2c6fa954e5cc7333fe0a98355450b1a99a4491b226e74f413ccfc2
SHA512 e9758d95ff70c7f18ff0bd632a702b1be7fb7157b6e81cc513cdcd666b3568c44abb8755be852e9cbfbe3aaa0abaca3d8fb5a438ac4a9e92967bfc9c8df078c9

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

MD5 d340804628b12a4e15ad8079bb9a313b
SHA1 fc9bdd335ecf6b19054c5fba891d27a02b65f0cb
SHA256 782409570fa93ac831e8db7af7e2d0c2c078af7627f22f94bfd42bc9f035fc5c
SHA512 96e908a53a85aee0b05921b9c7238742e667bd3f31264bb3a08a662571e2816dea9ccd6b7aadb71b1624d6ef20362e07f78cd08d268e3615e5ea37cd8ec78624

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

MD5 05b1a26464491ce5f5dd1454a55c76a3
SHA1 ada60518dc17f9c1ec10d3e4b5b8a2dcfa82957a
SHA256 fcf44aa73b917b926398eb49ffcbf16d097946d910cb2f166f21a49f71a07152
SHA512 6af5c6bf0b294b97a232a9f7bfa166884271616d4f50974374b183fbb521a66b175d4945f923f85878e3bda8a5f7cbdb5295bc6bcb6594f38c2e3684ee7cefe1

C:\ProgramData\Licenses\0B608C43E7FF4F3D3.Lic

MD5 3346889dfa9eea9f44d41ffdce2664f4
SHA1 b0bd370a24ddc25f6ab1f69a3866611378d94dc9
SHA256 561609a0dfeba5df46f45c3d4c974cce88946935978105620cf38d4ce09f7232
SHA512 3f5b47346f1743deb5360c6fab93344561346a8531a49f67794e98a5251eff8bad0f0cd0b3780caf9aafb343fa06318b67e3410f31fdd7dfba78c0ae3142637c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cab0dafbb3e1ed7cd8c14668fbf1dc4b
SHA1 b48a190c0f0e4b93e3c3a1ada54431389dfb7016
SHA256 b34bcb98701828b3064879a03695fdc70ff65f5d9105c5a3fed04ba778189907
SHA512 64bc880fca73d7763a576f51c71872eb8a1e8d7f0e067014e8cb4286631b8e8f8dcb96ba64b9a6ae2af3236a7fb76b01c7bcfbeb46313d353ad356c22a61973d

\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\AutoUpdate.dll

MD5 22c139c1d4b14fb5cf8a688578b43430
SHA1 324942077845fd3f4b6a5642d5a67218033719a4
SHA256 500798d72c523b07d69cb7f116809ce270d1090a5608847864f803ea66406b27
SHA512 951bc53f76c3ac479e10ae3dd044811c9fdfda563c5b19138da3c222ad90bc931d789c20960260be8b291a06fe71e03e2a9c5eec2611c323f3ba73d3265c3fff

C:\ProgramData\AutoUpdate\FlashDecompiler.exe\Statistics.xml

MD5 6f4a6f22eb4e1d9c0af83b8e413e88b8
SHA1 aae506ed4366c5490c6acd9f7a466f135111d743
SHA256 7f21b4b275cf9d504c05ad6eb3b0cd26e499980d0dba4e52cfc09bd838c1871b
SHA512 e7b8a572ba0aacc00ad98517ad1fd84bf30cd09f3ebd3ed66b13bcba24dc95833a537e3b2d8ed9bd4387187aedec20dd14e0da03dc2c598705992e669bd4fa8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c84d9583b92fb36cea058ec4b1e6ba8c
SHA1 a9e478b6b12e5df45db8c35a752b36f6b45f3506
SHA256 5076c672a0f112952ec82976b83ac73b80078478e5608f42c9359d7a6dcb33f3
SHA512 13a60abf25b55a2bf5bb6997c0f59f2e37cbf84b7bcca3318215cac2924a6018765f69441ba1e9a1bbde4d693ab452439413961d325d2795d84932e1a51f16da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 da976d1a12148bc36291049ef3a13bfb
SHA1 da8a080740f5ba3e2546140286b5886bee2e7748
SHA256 f15ca3097cd421dd6ae2919d26542156b8d9404e9ca3cc0c009b9c412e66617a
SHA512 cc3840eef8f89126b21c302cd2b666d926ef6415ac02e0ccfba9a27aba5cecf788465a418bdf3a4e577e836b1520408c93224725bd222927a5afce9a37b6a722
