1cc6193073a75d7ab69bc94ba2265ebaf3ee0e4780684acd242bb4eea298be6f

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Size

242KB
MD5

116ec1b12439d8bbd2a4220e8a0c034a
SHA1

b9acb1845b16752bfca051cd4f9ddb2487c7493d
SHA256

1cc6193073a75d7ab69bc94ba2265ebaf3ee0e4780684acd242bb4eea298be6f
SHA512

e33587be241640a30f0cb060a0d55bc140a63ce9d5eefb9c21dfc1f894ee73b4f727ba7d6d8bc2aac095ea6b8357c2118cd4a5bff1ba6d88c4fe94a53d95b6b0
SSDEEP

6144:39ka8sKwB/q/4JZmFUq59nT4drJrLOgRHLslh2PA73:3KsRFq/uZmCq59TkVrLRrsr2PA73

Score

9^/10

evasion persistence spyware stealer

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe

Looks for VMWare Tools registry key 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
2604	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2624	3870112724rsegmnoittet-es.exe
2596	3870112724rsegmnoittet-es.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\WINE	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\WINE	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe

Loads dropped DLL 2 IoCs

pid	Process
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\3870112724rsegmnoittet-es.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\3870112724rsegmnoittet-es.exe\""	svchost.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1804 set thread context of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 2624 set thread context of 2596	2624	3870112724rsegmnoittet-es.exe	30

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe
2468	svchost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Token: SeSecurityPrivilege	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Token: SeSecurityPrivilege	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Token: SeSecurityPrivilege	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Token: SeSecurityPrivilege	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
Token: SeSecurityPrivilege	2596	3870112724rsegmnoittet-es.exe
Token: SeSecurityPrivilege	2596	3870112724rsegmnoittet-es.exe
Token: SeSecurityPrivilege	2596	3870112724rsegmnoittet-es.exe
Token: SeSecurityPrivilege	2596	3870112724rsegmnoittet-es.exe
Token: SeSecurityPrivilege	2596	3870112724rsegmnoittet-es.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	380	svchost.exe
Token: SeSecurityPrivilege	380	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe
Token: SeSecurityPrivilege	2468	svchost.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 1804 wrote to memory of 2256	1804	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	28
PID 2256 wrote to memory of 2624	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2624	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2624	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2624	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	29
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2624 wrote to memory of 2596	2624	3870112724rsegmnoittet-es.exe	30
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2596 wrote to memory of 2468	2596	3870112724rsegmnoittet-es.exe	32
PID 2256 wrote to memory of 2604	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2604	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2604	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2604	2256	116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe	31
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34
PID 2596 wrote to memory of 380	2596	3870112724rsegmnoittet-es.exe	34

C:\Users\Admin\AppData\Local\Temp\116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Users\Admin\AppData\Local\Temp\116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\116ec1b12439d8bbd2a4220e8a0c034a_JaffaCakes118.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Looks for VirtualBox Guest Additions in registry
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
  - Identifies Wine through registry keys
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\3870112724rsegmnoittet-es.exe
    "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\3870112724rsegmnoittet-es.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\3870112724rsegmnoittet-es.exe
      "C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\3870112724rsegmnoittet-es.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\SysWOW64\svchost.exe -k netsvcs
        5⤵
        Adds Run key to start application
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2468
    - - C:\Windows\SysWOW64\svchost.exe
        
        C:\Windows\SysWOW64\svchost.exe -k netsvcs
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:380
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\upd3934cdb3.bat"
    3⤵
    - Deletes itself
    PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7038.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\upd3934cdb3.bat

Filesize
277B

MD5
d0a6c7b5246e6f8359ece3b0998d31da

SHA1
8ac99d8d60e59c381b843746d56c63c91a020283

SHA256
314ba9bc1ed27af7a1044da4bff73cd57485d73709e816f485eaf3a7a548d348

SHA512
b11a9c7204a5c3d002c3638c5ff0de995190f6ffac5eebcfa4f6a2eb5198d28ae881c54cc0eb243fe41610d9e4f7699de8f485a8156a7f6b00efc6d43b091e56

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\3870112724rsegmnoittet-es.exe

Filesize
242KB

MD5
116ec1b12439d8bbd2a4220e8a0c034a

SHA1
b9acb1845b16752bfca051cd4f9ddb2487c7493d

SHA256
1cc6193073a75d7ab69bc94ba2265ebaf3ee0e4780684acd242bb4eea298be6f

SHA512
e33587be241640a30f0cb060a0d55bc140a63ce9d5eefb9c21dfc1f894ee73b4f727ba7d6d8bc2aac095ea6b8357c2118cd4a5bff1ba6d88c4fe94a53d95b6b0

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.tmp

Filesize
3KB

MD5
70a7c732523cae20be715c92be55f210

SHA1
ec922dc13633f66a028a9c773f700a1ac1a470b1

SHA256
b3f5fb1756b594be47b879afe4335562a87298af7dcda7ba466086aea572796a

SHA512
66ff3f9e59ee041e55a865947b66d78238fcb10111b0deeb15436a4740d36bb8680e667fa2583d4917825154c1a73f9c17bdada4369dea21479c2854ca85dcde

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
2KB

MD5
c9b59fd755632596583d3fc9ffde7626

SHA1
516f5240daa98cd246182126c76a220e1917b212

SHA256
adbed3bfcf725224ace880619f63eabfa92bbe45842fe83c7ae7761aea443356

SHA512
5aa7b3f82a2be72ebb06ff05f1adb13196a4cc3c4e6ee3fbbcf26839cebfe89023a15863dd8f6cfdbc5f164356d29f671132d171f75b4cc0bc08d3e0d8748f65

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
539B

MD5
17262d6f8d01a6574a5881e22d381295

SHA1
534dff8b825588a4b3549ad4a662ae42b7bd30f3

SHA256
864f625b5211d12e04fa3dd77c7a1ec7a7c7b14e869d9f5f833bde2abf8d31b1

SHA512
396610feaa30f69b1b02ff32cecb70f4453c9dfc8535ca2f2190f151eb2b2b353068a67609ae3d1d98986edf05ba94e3f356c0c86980c1307af4f7b7d5b24eeb

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
1KB

MD5
075896a4740de286f68433bbbaa8d3ad

SHA1
685ea12c6f8c0e80e1cd57c843ab1daa540742e9

SHA256
171f14289e4dab53aa5ad99739ab63aebba4e3b492f2d4d9470dfa62a7fa848f

SHA512
cf796483dadb675751df4bf794d52923c5e95670f946d69f54366dffb68b72394cafac0fdbff7651959dfe920efd2ca6b5163bfa7435f3c9490ea06b471a0324

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
733B

MD5
e9f31ce917ae14bf77a7a193b2f7cbcb

SHA1
54c1e27407b650d9b33b11e17a4b04ea5569636b

SHA256
7c27aa0676859995748e3e23d579a9b120b2179e0690ad5745d3896137d92150

SHA512
25e0129db632c6cbf5884c46ab08512a84dd5abb258a9cfb5b74583119b216b3d7e33302edc613e6e7ae06fb795c4b91f56303e9fb0ac90b333cd02d04ec6c32

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
1KB

MD5
78066e988186d128cfad945e02fedfc5

SHA1
34ff06f0512b9ed462ba08a106c11b464e302bef

SHA256
dfc5b484b2846daef6d769c5e2b4a1f45ea2dea4739d2f875cfec37fae78162b

SHA512
95e75415c3735dc887cac217c163ee3d51c8566c6e38c5a0f5aa0e3e5cc3b907024669307bb8f8b34bb2636707116d9c5268ceb907855ff9e5970d92e1a060d3

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
3KB

MD5
009297628478b5a7d3a971d2864d7b7f

SHA1
1c1ffbc06342ef54a7ee932a10cf55cd896c7445

SHA256
01cbca8f22e8053d9f3b8ce5d36c6421ae8170f99f78e02a293c09deb061ed9d

SHA512
3587eb159fb38944ad53ffa6cec744ae30b5eb8d311321dcc9172e5a03ee00c92ecad02f17d5d4c8dd347178f5862a48edcbd00c89fabc357a88b616a7b63d23

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
3KB

MD5
db86411c758b22bd45434f901225d893

SHA1
c0f1c9448812408a055b7c14396ee91d99043910

SHA256
495409920db3ff29e6f75a2d5f07188746ce1421c49f3a30e339d8bfec3483f1

SHA512
f9f0e476ba50e9b06511d9c5d32f0a217eb361ff69cb09a30185029a33dc3ec1bccb031890dedf5ca854ca48eeeb38c2f2661ca80d843bd57f366ee168631b39

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
3KB

MD5
45b0653ec1cefb741b73627d6c3bf7a9

SHA1
56e9226fe79d2cc7c658a33814e98681edb51fb6

SHA256
46b987c72441cb10a858a48ea02ac63fd8dd6a204513b3f7ed939efd8e6aa429

SHA512
d0ccdf29c9cce11511648a3b1e1fbe4c90321536495c658292c8a8495e2ca0964930b9dd77ccd4336794735419370a265b2200158d0a1e909db63df7b19a971f

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\content-prefs.yze

Filesize
4KB

MD5
d82d9c3176b4b684a55fd28269cea3b5

SHA1
921ca0601d43cb569cf6552b64ebba1c7083e81b

SHA256
80e7df938628d7a167f810ad3f434926e23b8b72ded0654742e7ac2429ef9ed3

SHA512
9b52d183cf68c0140253307cda653cb01a18586a9513444cbbe00beeb01d1d2eafcde1fb9427c9c9fed415e5337a5554c9a4c9857543d5c75f844016e5a72a57

Download Submit
memory/380-152-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/380-298-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2256-50-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-2-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-8-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-12-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-15-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2256-6-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-14-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2256-4-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2468-63-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-53-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-243-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-84-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-82-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-80-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-78-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-76-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-74-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-72-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-70-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-68-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-66-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-51-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-65-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2468-46-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2468-61-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-59-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-57-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-55-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/2468-47-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2468-49-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2468-48-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2468-297-0x0000000000080000-0x00000000000A4000-memory.dmp

Filesize
144KB

Download
memory/2596-44-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2596-32-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download