ce573c0b8c54161b468056ab6c62214edea12b05c1c25e1bbb6e54ace8a703ec

Analysis

max time kernel
197s
max time network
202s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

v0.81_FlashBrowser_x64.exe
Size

67.9MB
MD5

d044590bbe4a84781f4665bc5aaf883c
SHA1

eab1a5f0969c4766b54b436aec1057981e93b142
SHA256

ce573c0b8c54161b468056ab6c62214edea12b05c1c25e1bbb6e54ace8a703ec
SHA512

746d036e662a7f6c5a2450ba1b4415b610f9bf27b1264051a5208bd8651e109e6a020d28323b1d73e6dfcf706806d5553886b45b8ceee6009648012f8880cc9d
SSDEEP

1572864:zvVaMDheNapAdTpSE5qklfDPx8C/XJmYui2CYIfAY2Avs4m:BzZE5zl7J8aXAYN2C3AY2MsF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Control Panel\International\Geo\Nation	FlashBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Control Panel\International\Geo\Nation	FlashBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Control Panel\International\Geo\Nation	FlashBrowser.exe

Executes dropped EXE 10 IoCs

pid	Process
2044	v0.81_FlashBrowser_x64.tmp
1484	FlashBrowser.exe
1232	FlashBrowser.exe
1280	FlashBrowser.exe
1720	FlashBrowser.exe
2636	FlashBrowser.exe
2680	FlashBrowser.exe
2428	FlashBrowser.exe
1216	FlashBrowser.exe
580	FlashBrowser.exe

Loads dropped DLL 22 IoCs

pid	Process
1344	v0.81_FlashBrowser_x64.exe
2044	v0.81_FlashBrowser_x64.tmp
2044	v0.81_FlashBrowser_x64.tmp
1484	FlashBrowser.exe
1232	FlashBrowser.exe
1280	FlashBrowser.exe
1428	Process not Found
1720	FlashBrowser.exe
1428	Process not Found
1428	Process not Found
1232	FlashBrowser.exe
1232	FlashBrowser.exe
1232	FlashBrowser.exe
2636	FlashBrowser.exe
2636	FlashBrowser.exe
2636	FlashBrowser.exe
2636	FlashBrowser.exe
2680	FlashBrowser.exe
2428	FlashBrowser.exe
1216	FlashBrowser.exe
1216	FlashBrowser.exe
580	FlashBrowser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
17	raw.githubusercontent.com
11	raw.githubusercontent.com
15	raw.githubusercontent.com
6	raw.githubusercontent.com
7	raw.githubusercontent.com
10	raw.githubusercontent.com
14	raw.githubusercontent.com
16	raw.githubusercontent.com
3	raw.githubusercontent.com
4	raw.githubusercontent.com
13	raw.githubusercontent.com
8	raw.githubusercontent.com
12	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cross-fetch\polyfill\is-L4TV7.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fs-extra\lib\ensure\is-JMJPP.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\meriyah\src\is-R58LV.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\normalize-package-data\lib\is-393N9.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\pupa\is-H714S.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\resolve\test\precedence\aaa\is-2USV8.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\tough-cookie\lib\is-I6TTP.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\strip-ansi\is-GKQGF.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\uuid\is-821N4.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\small\dist\es6\is-6IID9.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\concat-stream\node_modules\readable-stream\lib\is-TC4K6.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-download\is-GRK0J.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\jquery\src\var\is-OM7PK.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\path-parse\is-RRH7S.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\resolve\test\resolver\other_path\lib\is-I0CT3.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker\dist\types\src\engine\is-EVPH4.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker-extended-selectors\dist\cjs\src\is-2FDA4.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\core-util-is\is-NQS9O.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker\dist\types\is-JSI3A.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-download\build\is-SRQ1G.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\extsprintf\is-OQSI1.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\meriyah\dist\src\lexer\is-B7N4T.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\rc\is-7GUEG.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\small\dist\types\src\is-OVDLR.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\small\dist\cjs\src\is-O79RN.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\es6-promise\lib\es6-promise\promise\is-FVEGT.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fd-slicer\is-PGLF2.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\json-stringify-safe\test\is-RTDBQ.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\klaw\src\is-9JI42.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\uri-js\dist\esnext\is-BM6C5.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\guess-url-type\dist\types\src\extensions\is-EFOEN.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\small\dist\cjs\src\is-UUTJI.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\bl\node_modules\readable-stream\lib\internal\streams\is-MA1D9.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\concat-stream\node_modules\string_decoder\is-PBCQB.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fastq\test\is-7EQOT.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fs-extra\lib\mkdirs\is-BRRTS.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\node-fetch\lib\is-7SFBI.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\performance-now\test\scripts\is-E8D4T.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\is-B6G16.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@nodelib\fs.stat\out\is-GOO6A.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ajv\lib\dot\is-LN77Q.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\has\src\is-5N1PU.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\meriyah\src\lexer\is-LQ9LL.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\mime-db\is-4RSUQ.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\spdx-license-ids\is-I6BP6.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker-extended-selectors\dist\types\src\is-THDJD.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\enhanced-resolve\is-26C2M.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker\dist\es6\src\engine\bucket\is-90CV4.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fast-glob\out\readers\is-GGLVM.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\resolve\test\resolver\incorrect_main\is-KJC15.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\smaz\dist\es6\is-PF99L.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-navigation\node_modules\electron-dl\is-P7UNI.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\meriyah\dist\is-SJ0IO.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker\dist\types\src\is-BPB3H.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\jquery\src\data\is-M9IQR.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ajv\lib\dot\is-0UQK4.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-navigation\node_modules\pupa\is-IT08G.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fast-deep-equal\es6\is-ARTK1.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\resolve\test\is-P3D42.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\resolve-dependencies\lib\is-GBO2V.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\small\dist\types\src\is-29LVS.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\guess-url-type\dist\es6\test\is-RLN6G.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\isstream\is-T8NSP.tmp	v0.81_FlashBrowser_x64.tmp
File created	C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@nodelib\fs.scandir\out\types\is-1P23T.tmp	v0.81_FlashBrowser_x64.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	v0.81_FlashBrowser_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	v0.81_FlashBrowser_x64.tmp

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\DefaultIcon	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\Shell\open\command	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\Shell\open\command\ = "\"C:\\Program Files (x86)\\FlashBrowser\\FlashBrowser.exe\" \"%1\""	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\FlashBrowserFile.swf	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\FlashBrowserFile.swf\DefaultIcon	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf\shell\open\command	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\FlashBrowser.exe\SupportedTypes	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\FlashBrowser.exe	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf\DefaultIcon\ = "C:\\Program Files (x86)\\FlashBrowser\\FlashBrowser.exe,0"	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\FlashBrowser.exe\SupportedTypes	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\Shell\open	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf\shell	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf\OpenWithProgids\FlashBrowserFile.swf	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf\ = "FlashBrowser File"	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\ = "URL:My custom protocol handler 01"	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\Shell	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf\shell\open\command\ = "\"C:\\Program Files (x86)\\FlashBrowser\\FlashBrowser.exe\" \"%1\""	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\FlashBrowser.exe\SupportedTypes\.myp	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.swf\OpenWithProgids	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\FlashBrowserFile.swf\shell\open\command	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowserFile.swf\shell\open	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\DefaultIcon\ = "FlashBrowser.exe,1"	v0.81_FlashBrowser_x64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser	v0.81_FlashBrowser_x64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashBrowser\URL Protocol	v0.81_FlashBrowser_x64.tmp

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	FlashBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FlashBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	FlashBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	FlashBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	FlashBrowser.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	FlashBrowser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FlashBrowser.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2044	v0.81_FlashBrowser_x64.tmp
2044	v0.81_FlashBrowser_x64.tmp
1280	FlashBrowser.exe
1720	FlashBrowser.exe
1232	FlashBrowser.exe
2636	FlashBrowser.exe
2680	FlashBrowser.exe
2428	FlashBrowser.exe
1216	FlashBrowser.exe
580	FlashBrowser.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2044	v0.81_FlashBrowser_x64.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2044	v0.81_FlashBrowser_x64.tmp
1484	FlashBrowser.exe

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 1344 wrote to memory of 2044	1344	v0.81_FlashBrowser_x64.exe	29
PID 2044 wrote to memory of 1484	2044	v0.81_FlashBrowser_x64.tmp	31
PID 2044 wrote to memory of 1484	2044	v0.81_FlashBrowser_x64.tmp	31
PID 2044 wrote to memory of 1484	2044	v0.81_FlashBrowser_x64.tmp	31
PID 2044 wrote to memory of 1484	2044	v0.81_FlashBrowser_x64.tmp	31
PID 1484 wrote to memory of 1232	1484	FlashBrowser.exe	32
PID 1484 wrote to memory of 1232	1484	FlashBrowser.exe	32
PID 1484 wrote to memory of 1232	1484	FlashBrowser.exe	32
PID 1484 wrote to memory of 1280	1484	FlashBrowser.exe	33
PID 1484 wrote to memory of 1280	1484	FlashBrowser.exe	33
PID 1484 wrote to memory of 1280	1484	FlashBrowser.exe	33
PID 1484 wrote to memory of 1720	1484	FlashBrowser.exe	34
PID 1484 wrote to memory of 1720	1484	FlashBrowser.exe	34
PID 1484 wrote to memory of 1720	1484	FlashBrowser.exe	34
PID 1484 wrote to memory of 2636	1484	FlashBrowser.exe	35
PID 1484 wrote to memory of 2636	1484	FlashBrowser.exe	35
PID 1484 wrote to memory of 2636	1484	FlashBrowser.exe	35
PID 1484 wrote to memory of 2680	1484	FlashBrowser.exe	36
PID 1484 wrote to memory of 2680	1484	FlashBrowser.exe	36
PID 1484 wrote to memory of 2680	1484	FlashBrowser.exe	36
PID 1484 wrote to memory of 2428	1484	FlashBrowser.exe	37
PID 1484 wrote to memory of 2428	1484	FlashBrowser.exe	37
PID 1484 wrote to memory of 2428	1484	FlashBrowser.exe	37
PID 1484 wrote to memory of 1216	1484	FlashBrowser.exe	38
PID 1484 wrote to memory of 1216	1484	FlashBrowser.exe	38
PID 1484 wrote to memory of 1216	1484	FlashBrowser.exe	38
PID 1216 wrote to memory of 2152	1216	FlashBrowser.exe	39
PID 1216 wrote to memory of 2152	1216	FlashBrowser.exe	39
PID 1216 wrote to memory of 2152	1216	FlashBrowser.exe	39
PID 1484 wrote to memory of 580	1484	FlashBrowser.exe	41
PID 1484 wrote to memory of 580	1484	FlashBrowser.exe	41
PID 1484 wrote to memory of 580	1484	FlashBrowser.exe	41

C:\Users\Admin\AppData\Local\Temp\v0.81_FlashBrowser_x64.exe
"C:\Users\Admin\AppData\Local\Temp\v0.81_FlashBrowser_x64.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Users\Admin\AppData\Local\Temp\is-F9H0G.tmp\v0.81_FlashBrowser_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-F9H0G.tmp\v0.81_FlashBrowser_x64.tmp" /SL5="$40216,70142909,1135104,C:\Users\Admin\AppData\Local\Temp\v0.81_FlashBrowser_x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
    "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=gpu-process --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --no-sandbox --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=940 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1232
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=utility --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --no-sandbox --ignore-certificate-errors=true --ignore-certificate-errors=true --mojo-platform-channel-handle=1196 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      PID:1280
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=renderer --no-sandbox --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files (x86)\FlashBrowser\resources\app" --enable-plugins --node-integration --webview-tag --no-sandbox --no-zygote --enable-remote-module --background-color=#202124 --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=1396 /prefetch:1 filePath
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1720
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=gpu-process --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --no-sandbox --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=940 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2636
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=renderer --no-sandbox --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\FlashBrowser\resources\app" --enable-plugins --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --enable-spellcheck --enable-websql --preload-scripts="C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker-electron\node_modules\@cliqz\adblocker-electron-preload\dist\preload.cjs.js" --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1468 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2680
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=renderer --no-sandbox --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\FlashBrowser\resources\app" --enable-plugins --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --enable-spellcheck --enable-websql --preload-scripts="C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker-electron\node_modules\@cliqz\adblocker-electron-preload\dist\preload.cjs.js" --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=816 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2428
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=ppapi --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --no-sandbox --ppapi-flash-args --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=952 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1216
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo NOT SANDBOXED
        5⤵
        
        PID:2152
  - - C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe
      "C:\Program Files (x86)\FlashBrowser\FlashBrowser.exe" --type=utility --field-trial-handle=932,15695921507770689519,14335687836529053203,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=audio --no-sandbox --ignore-certificate-errors=true --ignore-certificate-errors=true --mojo-platform-channel-handle=1916 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FlashBrowser\chrome_100_percent.pak

Filesize
175KB

MD5
7c4728b2d58afdd97c4549c96b9561cc

SHA1
1e0d251eedd67e7021fc764b9188184617465c54

SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3

SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df

Download Submit
C:\Program Files (x86)\FlashBrowser\chrome_200_percent.pak

Filesize
312KB

MD5
6af049ad6fd11ee90ad9db31c4e02082

SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

Download Submit
C:\Program Files (x86)\FlashBrowser\ffmpeg.dll

Filesize
2.6MB

MD5
5f5abaee3925504ca6b1dcc358e639a9

SHA1
feca951b321e903254b6e0347d9f3e698471241d

SHA256
d12f0ce401dc6fcf5337f82b4cc7055d893f135ca5ed79978f1801fadaf0a39c

SHA512
5d3707f3c00a8b01ff29f3763817813170bf3b727960c5d5ea8a7e066d7eb80de2e947ae19b7d2de23d7594bb16ac0f2046ed6b1186cd239b239c0abaacbde92

Download Submit
C:\Program Files (x86)\FlashBrowser\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\index.js

Filesize
8KB

MD5
24654746108fd211edfefe9f45d609a8

SHA1
7b74e4c3d2ff77efcedeba8f2f0bbfa98552cae5

SHA256
4c75e9e72b9ab0bcea82e69b2e430f6006bbdcd67a9571772855b9e70974f8c2

SHA512
a806bfff041098c908718d122ca6e57b7e50de234fee8594f7659eb08e723ed7f6b9c69adf9dccf2e36b72c5ccaab5b3954617539926ef16fa889daef2dccdee

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@cliqz\adblocker-electron\node_modules\@cliqz\adblocker-electron-preload\dist\es6\is-I9J8J.tmp

Filesize
23KB

MD5
2e258dba6c71899f540e3ce51a9d3db8

SHA1
dd8fd944808469bc7505c7f7593f369ea81ccada

SHA256
3dc360b99289407cc44188ff7f9bfa630d02fa046369e33d4c60ab34b782e51d

SHA512
4eea62aea8180214f576f28534ae03c205ec98eaf8dbc8dd834121ffa781680e9201e26153f97a98e342970aafbdba8a30a5eba3a9bc8595776004ca2962a76e

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@nodelib\fs.walk\out\types\is-C0J71.tmp

Filesize
77B

MD5
8963201168a2449f79025884824955f2

SHA1
b66edae489b6e4147ce7e1ec65a107e297219771

SHA256
d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230

SHA512
7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\small\dist\cjs\is-GMUJ3.tmp

Filesize
57KB

MD5
0dc2c152628ca51dd3282ca89f6e8456

SHA1
4a3f525a30caf678d745115ed1de3398ed9f379a

SHA256
a7a86695ccf759129614ea42bbecc4ec595bf917c601623479493507908fa895

SHA512
154b925911b070bd0e258cb03559d33c45fad730edeb9227382498e3324a5c3775093efdb990c59984e6671c6083bcda81089810c281996e28db158277ffabda

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\smaz-compress\dist\types\is-CU0JF.tmp

Filesize
132B

MD5
64e15e31fc4311ba4a78164e63f16cf1

SHA1
fd1dbcdf31fd2ca6d3009b025a6a889c5a722a16

SHA256
d03f4254ac4181f760474e07d7688a0ae8229b6fd79dd62c5306f3f231ad86fd

SHA512
7895d0a342699f17909f25b0aa67f4ba1907598e46ac2408013367b26adc98bab33b2fb20842fa04be5469894115f95f594794d2d53d11421ece5335596d0498

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\@remusao\smaz\dist\types\is-LOG72.tmp

Filesize
56B

MD5
f8469276f1264d196b57131905d8bf80

SHA1
3abdb41a8878115e1d1d68931b619022354b5f68

SHA256
ce1a1fae9216be8fc02e7e53b209f0d929e37d96ba944b961fc3febbd3fd31bc

SHA512
ff485b7274e033ba3befa7b01101631e9e98f4931c49cb32ae9ee8b9c2bfb02da56df7d461919c3da9953f8994ded11cc34f14bdfcc33cee6cbc985d529f5b98

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ansi-styles\index.js

Filesize
4KB

MD5
9d4acb14d5449b232b22bfe40453b00c

SHA1
5f96df8b074e4854c03db87ef309eb6c741f4618

SHA256
d3f197d370760ddd8753c1355b4bdb585a787f1baa92bb8ed217f170c138b594

SHA512
34ddb9208914ac53ed7c0e7162f74d0313a8f348f34db824414028313c03de674995ac98bbf856f5219d44d1af1455fa41678eb14dbc4639567b9227ef11ca31

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ansi-styles\package.json

Filesize
1KB

MD5
ab7a71ab9f6b46acda83106c5f34e6e3

SHA1
3c9ef7bd0a1c3d805814c654c457cc315c48c116

SHA256
d405f010681d53f77691015e98461f8484b2afe6a9edfdd2ddb27b1e8a8e883d

SHA512
4d99655ebd3ac09430ab6beb431d4f95f71bac48c87f67d10cfe2614f77b20655a47eecb973da1355e15104344dc4688a6c7df128514005d9bd5462c8edc62c3

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\astral-regex\index.js

Filesize
203B

MD5
7fbaddaa119db4530da15b89c710bd80

SHA1
7ba290719f22905da56f50f211aecd6b4ed009b1

SHA256
cb1f850d4f7b3faced8900d35090c800fbd36b7c6b9789017adf306e224943d3

SHA512
c7bc09a16d2c7535959da6cf418dc52180e56ea90ddee8d88a9dfc2e0844c90bc1391df7c372d224f5b664509065f062ce73f7147b88589c8776a33c602034cf

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\astral-regex\package.json

Filesize
562B

MD5
2a28ceb75f3380beac38c0107bc15bfb

SHA1
fedd0c742e7e59305381c88e44e72cad477d37b9

SHA256
de7b6f37998064125df71291045a95b97f7371f04fba6cce336302bb6fbf01aa

SHA512
6766372285882943fb6d666f0444c17dba3ee120a47178002b8ac139d50d8bffc629119b21c1f033ca691b5aa791d61d4f05ea3cb90215dcf60e668fba2abff0

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\index.js

Filesize
2KB

MD5
d638556942b03eb423d92aabc6ca729b

SHA1
9d1e837873478c57d656b90b323a3e784dcaeb47

SHA256
4331f894ede3aeefc6cc4b830e0ad957ad3462cb37fc1c0d95cb1945ce6b1f14

SHA512
8f92df69bf105a88b223e85437593b02a1eefb2b461988ef9aeb1fe59c4954bce11c734abecf3e5addb7b9d06bc3ee1de021ee7032b8976d904beef7adf2ab54

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\ansi-regex\index.js

Filesize
350B

MD5
7d1a59d7267eef993b9827ee185500ab

SHA1
9305ae17262f6e11f8afd69835907716ba5c8ee0

SHA256
c92312790eb1f246b7c4c1fe9c1247b15441bbca3c6cb64d167beefc45302753

SHA512
d1bd977b33603f9d06d947bfe108c1945cc2cd4575cd39eb84a20f15876a7dffc59c3b52c92af3b6483c1bb426983bfcc0c00faffe32821a5bdb0bd7d38a0484

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\ansi-regex\package.json

Filesize
841B

MD5
a23faa508e1750ce0af91a3f51c2053d

SHA1
f1b78e043012e1ab5689d57377093e88f1400677

SHA256
8b2dc166f2b74d5098bad38bdd3dd2f4d4775c626199872f5e36dbb48c40931d

SHA512
b53cd8d9164c75765d100d66ecebb7a21be515c85e66630ab072c147a5daa08f2a205ba03127edd4799c48867b9dbf99b2ae73c261bb16b937447574e8aa090b

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\is-fullwidth-code-point\index.js

Filesize
1KB

MD5
4e13e3959f8c2840a6a8ab3da43c1e5b

SHA1
8d9c9023a3b6c9f8474e60f99ce698f68c1f4c5b

SHA256
7db24c9c5d58273ba32eee1bec3dfebd393fdeddd0b5879ef01dc595476e6979

SHA512
b68ccccfbeedf0596808498c004ae2e69c9739830d92f9c86d4b1a7f234f79a7f4dbf3f081993256e0c6164a5904472420cbc7c734fab54f1372036be41d755a

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\string-width\index.js

Filesize
923B

MD5
570a2a45ed08d4c933084c566cfa9766

SHA1
e2b122265bccc50b8965d79b07a559a51e74747c

SHA256
ed69ea4f757130e46dc48a0cc31beb6257e61a31c70936d82b8a3f02ffd64df5

SHA512
f0ad29fc99cb379e7bcb2995c18a55da9ada9852456e8da752ecc679e0caf3d0f989d558ba5f041bb02bc02fb88a8c2f8ae7f1a524a2a041b54ec5637c71c121

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\string-width\package.json

Filesize
941B

MD5
9546c3afdec6c3ee9a51fbb9d614976f

SHA1
a5306c15bba6cb123d9f061ca85eb56576c6638f

SHA256
6457a02418f004fe5d3fbbb19c7cbcc1450a8b887ff9a471dc6985ac83a48d36

SHA512
3e43d7d656ee1029abd5dc6da827db81907d99d60031111d747eb9b7354145e0262c113a061fe343d4020a3cba41fafc620d7d9f27cd2d8035a2af32b7eeab9e

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\strip-ansi\index.js

Filesize
154B

MD5
d2f059d0b9cfa91f1e899a4632d33da8

SHA1
ac06aab8c4ef70f9d2c18bbd0b2eb5ef0bb7c900

SHA256
bf37cd692bf030c2ec270945bc26aa8b19ad379fa5916f12304758f709ab0978

SHA512
0685ed108c20c84b3c0d4bf181318bf3f3ad6602de1b5bb71dc6a8d377575e974c42bcc14f5d72a244f06044bce8f81005c57ec2d246a513b6f196700a5010c2

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\node_modules\strip-ansi\package.json

Filesize
798B

MD5
6a0c65b4bd6c6b9cd068e2232eef50d9

SHA1
892d549c672831716abe655f087946d2644f2852

SHA256
0130850b9da0584f54cc20d3dab6365c807e9436ac78e016d5009efa99bd0530

SHA512
724a1e498671494c22ba929060058b5539acd34b839d263c9058a07333cda543d5c77435a0a6f13f76adb2f32bb93fa2683f8089245dbc4c8815bde17168ebb7

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\cli-truncate\package.json

Filesize
790B

MD5
d2fc65864e8798a599a0a873a7c5afed

SHA1
f135f157f30a294354eee39915cc3c5c79b09c58

SHA256
158bc43e96ad71ea15210f2270ab1151ebb578fb0b131380fc24d47b1c834975

SHA512
e90dbc05686c8cae73acfb43fdb642e7565fadb861a2d60e9da2aa5b951e691c548eaca295f31ba6ec0ffde94b85f6b3f30afaa9d874fa7a1676cbf14ec89fd5

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-context-menu\index.js

Filesize
10KB

MD5
f08337c8e1980fbb4d5f7e395012badb

SHA1
548a43c94f3b74f70ad37a806ecc1446833b8cf4

SHA256
1e7070935bd06fab58f791cd404ccd0edf43ac25b3772790c0db9d1e9913e3c4

SHA512
0c19dc91a56ea95e45955a4842c90433219d72c57601e27a20c5780a7772cff91d73c904356417e4d934923cfe55cedaf237b7ec544634613eada9fdade3ea7a

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-context-menu\package.json

Filesize
1KB

MD5
0ea6c81d9caf61d05fa86e54bd05f896

SHA1
3f343ffb4530c0049ba7fd275256f72a02c898fd

SHA256
1e23a122e0f1f2e279c897e98841da1dfb65fa1ea1a7a2bc1c93a70b03671ab6

SHA512
dc72868351ab7b7ad506dfd5b895cbba0807e695c70a19e4b7cf11b999aca1d1ff8c59e9b4d0dce09d9aadb525c9069e6ef71e8435c868d10022f2b559cdfca4

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-dl\index.js

Filesize
5KB

MD5
da56c93ea4e4e6a589cf6be21e855951

SHA1
5c4844cd72d611a360646499c4b97d674c4efb84

SHA256
c45a1a57f0e68bc1cd642f39b98d10f187c0edf1d5bd753832822b202a962e0e

SHA512
fa2ba98309d32299f3560f3a507b0e244a0ed2e39eb44b10b81c3c9d6cfe46e77bef94c0ecd591917006f695da3948114bab910ee306a9c870ac3781b6cb69b8

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-dl\package.json

Filesize
1KB

MD5
fab4710b8b2432b1edcea6ce561dbf5c

SHA1
c693ee726a68df6290d05f6a534a1337a6e70ad6

SHA256
217b82310b2f571c7b17b5d7a7d3697e516f2788cac2b6d85aa85bc6714fb8b9

SHA512
97c0f8d4552a24205b603ae7660a74a45386f3f7e3117a93960dfce9723528df713d0f3aec4f7894d9b0b25858b13a67f8e0630ac099d2e105877c1840b3c7d1

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-is-dev\index.js

Filesize
351B

MD5
fddaf52e0326ce1633d865715248d9e4

SHA1
0901d84dd7986901f8d8e42d55e7c7aa08060ca3

SHA256
3cb0133ef3db92f8a3a9ed4d5a22cedf41468e17fea4a6e625a86cbc66294572

SHA512
519aad9681f5af67e6b6c56d2dbe365a55cc67e55db5a0aa67460a538a3e4ddf548f7895f697c389ca3f5b2432675cd74ff6ca5d269596368665897806f735b8

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\electron-is-dev\package.json

Filesize
640B

MD5
29bfedc8cdd60d6f5a701dbf8f103fa3

SHA1
0234f9ca53bf8710c4316ceb57013f8a4fe9296c

SHA256
dfe9b6df870c6ab4bbf9f731a4a6810f44c9958809e5543d89c5aa875f81c8dd

SHA512
f55510443e95b827b34702ca8da9c8879bd5a5738feb03953e43f4f3dca1b1e4ccfa944cb5a350dc7f4bfee863906d96cb4ecb97ea0e02393055b4522ca5d98a

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\emoji-regex\index.js

Filesize
10KB

MD5
0438b0678667b951cf518a14560fa0b7

SHA1
e678799abbf2035d94ab0114ae0783b36a3e5994

SHA256
c56978800e47f095cfbfe96712b5e78d150d1f62e32bb4943675213fce481ef0

SHA512
75924c24968e298b1496170a66624b97a76a77fb4ce5968e7c097ad227401256752d9d28c8a1f84d313ce4b06f9dc9b20e3f75d81398c8951b45375ccb013e3e

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\emoji-regex\package.json

Filesize
1KB

MD5
57308bb3048f9db51fb79d3354f5a06f

SHA1
c26fe90da5886724a2676b8e3d5890beeacaad20

SHA256
7bec29b9ca68f2c4becc60e866c2f9342ecdc89fab39841a818ccd9eda15c148

SHA512
5a31e33ef89ee8c362ad35a097c539024570e2c2386f506bc6c88ba0959112b24450fd769c8ea91404667c181323f047f58d4bb80f37aabf6bed2e57129e333d

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\escape-goat\index.js

Filesize
797B

MD5
0a980b59f243d1cda2e1e70dcb888d23

SHA1
38b515de5d11fc8de154ca2e601832ad2f2646a7

SHA256
e963c05053adf4f814b93c0baf16eae9cdf5f526891dc015c5c6944365df4613

SHA512
2ab1b782c4e962f13a7487d715b01c6fdd5b888923cf16becb30d4dab8112d1c52960c4b2f8952a25afbf7ce23ec9a2af08ad37836acc0cf667554547fcfafc8

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\escape-goat\package.json

Filesize
718B

MD5
2f11efaa039ae210246a73d9852da812

SHA1
5fa3e74aca1e5351db988ed9a96b785e4c7d11ea

SHA256
1d13206cae8317adfc10ad9c1fe8811081c4751a781ac88d3b27eb86c2110af2

SHA512
fd7f9358dd5d4604a2d5e14c80670250e8ca69eafa293e72eb3273efa3086160bdfce93f52146607c00dae22720180ed3a3948014ff0fcb1a8b99b30130a0f34

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ext-list\index.js

Filesize
306B

MD5
bb406bbe9aa0f2765f626b8d0ae5baa8

SHA1
7dc867bd5423ce2c11ee081fb81103050af97030

SHA256
8e3eb15616a7895d8d0b4e0ccd538040f048a8f8f39b39bc49632d524f2fafdb

SHA512
01a858109347f9280682d58cc17667f98dbfae735e5a4f9fbb71c35f97e808e88a1b346a6f7adb2c4e3448853207965a73352ad953383cb56ea9a11aa18fcd87

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ext-list\package.json

Filesize
575B

MD5
0059908cae51d8c74e6978919bb9c68b

SHA1
ed4b7b5ad0481785ef315749f1bece88fbd43112

SHA256
1aa02cbc277189344e32609c0f7e9303811a0ebbf1691607343468975257a2be

SHA512
b595a53fb1d609591f6f41b0130e6987c686138b49959651c13701edba5cdfa0212046697fd9b3829a21d00af06c8aae6a2eb8b8bba07137bcefa515ef4aa232

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ext-name\index.js

Filesize
579B

MD5
b27ee690ff99538591d349f3d6b3af0d

SHA1
55591b146a923a612fdbef6eb938ac92b2accce4

SHA256
09f54f2aeaf1b0bc9c4dd9ecdabd2aeccd60a7d1ff68d61c952077cccfa1371c

SHA512
e4c3f0188f3c16836a95358b5e0b8c1573e6976f9d7f20f14e02e2563dc1de3d946c6364fa776d87a2491e6623b841390b82a323a70c23ab1393acb6ebe33e97

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\ext-name\package.json

Filesize
617B

MD5
5be392bff7a564454036da5f70c0062b

SHA1
9cc0d1f321318a0de7c63a80cb66222a60be6b16

SHA256
b7dd56ec22b6e02488e6631f3e8d0812228161b6f02e04d5f7f25a9e58f4fa53

SHA512
8970c00fef9e980bd25a681453eaa71cd85222bb0d85f8f3d5b39f46d62b81fc74432bdb2be6a775efa1c1f11d977a1256e086cb8ae316885c60db9e0f9a3ecf

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\fast-deep-equal\es6\is-5E6NN.tmp

Filesize
66B

MD5
fd2074bf3f21a4f6085a133414905b82

SHA1
24e189e5af33180fb0add107adb9612bdbeee011

SHA256
d979def17dea97ee491c975f3d3cb31957b7970a791c1d5a3854ea6cd4cce91e

SHA512
8c3b737f047a8b2cf05a61d5ceb06c197c619e7342d6cd7b278b26d4b85477b12f0e4a9a160f868661955c45040a9e3097ab2b9a4b3c145df866fdec5174777d

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\is-plain-obj\index.js

Filesize
261B

MD5
1ff9c99264076e94a437e4235801272b

SHA1
16523ba84e3229bcd98780b380a4f4e323b8bf8b

SHA256
75b63f5b24021fe261ef53adf6ecb8ad3f344e6134fae55a8a2162f7bab3d012

SHA512
a7208df628ccf6b2c1c152a372dbdb3032aea0d9b5e8a57c8be0e46da9809ba236e494d0a194df465727a84ef327519bc69504afe1cd1fd66844091756922450

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\is-plain-obj\package.json

Filesize
604B

MD5
c44065a91a18d83f91088dbbcfefee2c

SHA1
96165e985c551894f224d8ef606b1cf98689b7ac

SHA256
3f2d9ecc4ad7921576d65361b4fce21c5cfee72a4fc18e38b6c2050738df67d1

SHA512
0c1e42960d0efd3afa1fe0906905d9bdc798b3501361680b5e078477cea2a9ff961b165547e8cadb5bb770bf75148557c231e3d3e0d73e6ae1cecd6e80c038ba

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\isarray\is-1KMKL.tmp

Filesize
470B

MD5
32fed65eac22c95ae43ddfd1729b9bf3

SHA1
88615028e91d7872104932a02b78a75f04df8465

SHA256
f9e5ef95d8e8f65a5dcd3a200b38e5a13461ed95114dac053d908c391c12d731

SHA512
b4bb501d9533d0b787339a81ac7e2679b963a6122c511c2cd16c5389a2bd45193d36378d5b36ec27e4f34940c3a8d99828720ecdc2c513ba0d1d855ef806968b

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\mime-db\db.json

Filesize
179KB

MD5
d419d80c8488a8a5ec0b8874f09616a0

SHA1
c1fb02e218772b807ba1faa2a7ed47462c15aaa1

SHA256
66d7569759d8f66ad24b619f15e643be31144d1a51ee29b26b81c3b0a0b6fbb5

SHA512
6bee04baeaff77343d11d643c3f1ce7521e905367f6820487c12f45a9ea352c9b716ed1fe0fe8b6614f228f47c8db0f1c61493e0a955580952e6ea4f27d5a6e7

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\mime-db\index.js

Filesize
136B

MD5
a3e41e93954b3742ed84d3050d6038cf

SHA1
31180f8d0ae079b1bee7ee03e77ea5323583eb06

SHA256
a2532ace32711ae90deb4ae4654c5bc4e56f0a1e21bdd15ba26334bf723dfb09

SHA512
3fb66322fc8b6bcd9284ca8896d540084a7818aa57239d87ee0dcaf29ba9f529a958906685b2c6bb04daf778faed8158811934e656db968e5dd5ee3184ea6b30

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\mime-db\package.json

Filesize
1KB

MD5
88f6ef95eafb68bf2feaa7977de7e713

SHA1
f78efb3d627e7b2671e5ee31d6d8d4a622b92cfc

SHA256
390658d8f315f4b4920baeb55a6f7ea604e3396398f8bd3d213911e8a0d2b9ae

SHA512
0ced704cae81710b207410000a673d97b72afc96d2b5247be184556d8c5ebf5cfa691c34129b14fe4ca2ae4547f1d1bf26efd36100ead7bd9ef792c21a4591f2

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\modify-filename\index.js

Filesize
410B

MD5
504ae9698ad7bb9ee85560c0708a251b

SHA1
bbe58fb63cab1a20151f87fabd4d72b0de191fa5

SHA256
986d2143fab470a323c7d7c15a9bd9e0e278d516f611713c2c1d4e433670b32d

SHA512
fd65242c510bbdac5c66164dd02f86578a453cc32c346caac1225cce6ef1d9d5c6f36e771da7ea60bd901c0d5129e5803126444b8cff8625b14b9b41b665bc89

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\modify-filename\package.json

Filesize
574B

MD5
30d1bfb1f3d3da9371c9bf295efbc1e5

SHA1
36893a86be4437c5cb9c3c5aae76651148e0a970

SHA256
ad9eb723cff26622530e8f3449742b91fcc77a944cc29c1a3dba4cc1d4dedea5

SHA512
898d8786fb4e76ef8f159bb5171e63ff3295b939ade1fdf1e6886f5e208dae4780f53598d995fbc25a6031933a25bd79990da9b1f8e4246c3a970ce66eeca2ec

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\object-keys\is-5SBL7.tmp

Filesize
13B

MD5
3d10912d07e7bc8cd7d2faea51adb2d8

SHA1
8b894ec0b3bbc33011392ad9bafeb1df2634db45

SHA256
16d30e4462189fb14dd611bdb708c510630c576a1f35b9383e89a4352da36c97

SHA512
8d609d64d4e3f7b92e6cb047b2c416902f59f67b716cfc1b030ff4a745f78e2cb65caab8fa38d39cf28e3997fe35ccc24c2e6b1c02de7a39e821467bdee70561

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\pupa\index.js

Filesize
1KB

MD5
2ba8330a872a0fd1b2c05aa9be5616b4

SHA1
c0a509bc6bc0573e931590323b7964ace76d0ae5

SHA256
cf2e02d66c2eca332279570b44f7ead4b32004dd9a5066f11fcae13d09768e14

SHA512
1b38468c82330b108666bea79885e1b146135b3bb6d3741963455d6de262b980ff5965da2043b6c6db18962ab1e792f8a0b746e789f25af3a39acc2a85abb5b0

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\pupa\package.json

Filesize
734B

MD5
900b534fc47ed3b7444b0b3c8bc2e9dd

SHA1
d79825f5ab0fd427b7348697437c10518154f132

SHA256
f1f765306c31e21c9c45e59795f93ab351e4372ece7404509a908d260bf22a19

SHA512
bf6cd2c1a912aa7c7d432e42493ea6fc921eaf2bd50b453862674657e37a623c9737afec3899e213e109ea465e483582135ad77d4409f2588ab1ef43646dbbcb

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\resolve\test\resolver\dot_main\is-7KO1B.tmp

Filesize
20B

MD5
0c1d9e1731bb3d71b0b7a15695bfab14

SHA1
db311f33466c97593aa59411fcfd87e8489d8f50

SHA256
6e66e366f0aefb84ad8110afcd9b2245702c643c831edf8316ff048fec739d2e

SHA512
45e19626ce38abfafe540dd1b108ef171a927b97bfa75fd3943f5f2670e2db6e58af7a33fd3caf0a75fb0e8fac0961928627b9abc743234de97c320b7dd09918

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\safe-buffer\is-RJOOB.tmp

Filesize
8KB

MD5
372fa012d04e945ab97c27e000f8df78

SHA1
0b5844a33b757b9db574541363116917fcbc6d90

SHA256
5e379df3d61561c2ed7789b5995b9ba2143bbba21a905e2381e16efe7d1fa424

SHA512
e420c6f2a15605de938f77a085453e6c0e84b62aae7640aa7bf0e576534f6b07fdefceea14cb2773e9a7fb042885b5bd108ef98e90258a37d3e907307c9fc674

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\slice-ansi\index.js

Filesize
2KB

MD5
d48bdbacc961d96711c8860644a250fd

SHA1
b9cbe561895e16e4070cfe024f845684f5e8fa49

SHA256
ba7946cedfc0375ac06077d87782e96bed31652160dbcb98194a82c483c8aa0c

SHA512
89839dc1649a1c66dadab1c60f5f73ef35895e95c83ae811b80b3e6f1e92f8e83912f2ff613efb550425a8622cafbdb862d93ef8b57acf6e541f25479cf1604f

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\slice-ansi\node_modules\is-fullwidth-code-point\package.json

Filesize
737B

MD5
7c2dfa1f539b955d64d6af55282e1d9e

SHA1
49dbcba3eb3e3cba5b97bce28eb6194775d23c88

SHA256
5b48496ca129073ed44a677b777ea3b91366c8bc228bc75fe858749a78ac1a32

SHA512
c72077c7bf831ef800f96bafe42b3e2534f71ccef210d95823156398d93c37ca29e7f3ec547b7a9f8fec0c94b42647aa5fe33596e0671a2b4f985236ca236c38

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\slice-ansi\package.json

Filesize
775B

MD5
9631bdaf7f76b0a52a1948a87401da51

SHA1
81f2c3be72025e73b5417a0fd588b39e0ba8c459

SHA256
b8499f005b41303ad31286ad520dff25ffd9d21ef4bd12bbcb6546ae78a0b468

SHA512
46d8c5981e9790d3e8723c851f25143c85f81c4fc0a3ebaf02b113aeba6fc0a3e12b1a7a0bf3e5d90e3c6bee0907642ebf147995a63037fb34838b4523dd3cf5

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\sort-keys-length\index.js

Filesize
356B

MD5
38fdaaabfd3d5bd0df7e93b843e82e16

SHA1
52fe42337eb9663f8f4f29100f40b7570be21e36

SHA256
a91203cfeb2736d719e81a8546e89b460b18cd7256dd19bdcd3066ce5d61bb5d

SHA512
699d800aa4bec68b1069d5021587faf48f9b80382ad535523171bda42ff1b45b855732cbd075cf12723b2798488a20391d3b7286d62ba4d0ff6c1617d0a109d9

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\sort-keys-length\package.json

Filesize
578B

MD5
092af12025499afb6d61f8e742b38214

SHA1
a9e67fe75f99168558e087c823e00d16e2e5fd9e

SHA256
397d31b7680c4de5ef238fa187ab90c465d9001725425f1b5afcbc21da3117a0

SHA512
199e461a33fe9baf9ee94d6625a37cde2b0468069b1890e60af58b65d44688bf2a0d2ec46cd5b681e18390cb7150adacfcce76ba49cb99fd47682b832cb48a32

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\sort-keys\index.js

Filesize
788B

MD5
baf3a7a385d3345bc4c385795e0b326d

SHA1
c2f8a0e2813ab5f5a5ef9d28f4b6a6185d233d9d

SHA256
ae87c455241bc3c1bfe9f37ac83345975f44a50fe93c2cf42c9b6364fbe68c5f

SHA512
3692d8bfec4fe2f4a2951d9301361cfb6e3b7cce394a6de09288ac04c2b9e7fc12cb959d726255511ef8cda23bad3b97f86db13025bff10dba139e8f975a9e09

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\sort-keys\package.json

Filesize
673B

MD5
4b6ae35de614e2c17f5b6f64ab5174ae

SHA1
92992db85cebb6cc7fe8499883fab75317dede8d

SHA256
a72e52a4583971e362e857316f0ac3455d8e337edfe9d517bb4b3df59c623019

SHA512
9e321ca63bdded6e865196a2fb8d78f935dbe082c2912118b39b9837e01347807f030056da9c41de19aefed78c191a99d499c04ac97fdad1aa419f17f48aedb6

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\typedarray\is-223JT.tmp

Filesize
48B

MD5
9a948e25c9dd10247619f816d6f38985

SHA1
a88152a7be9167603b19549ff75cd80d22501731

SHA256
9b9a2cce2d8b28843a1a10647f82300c8403ccde268df5b6abc6c349e5167b34

SHA512
1bee2f37f6cd3d1d1acd21d9a355273d51961a93af940e29ec807f52d4547f50465cb6693c78815f89d01f6e5a9b73f748dd702f1196023a56a6754e3ff9666a

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\unused-filename\index.js

Filesize
808B

MD5
fe7f0e0827cdc52b8db64ada7c93553c

SHA1
9658ba14e070efcb278c130b503e09617db202a5

SHA256
8a39b9a4111b9e1a1bde7c8041a55811f564648138fd6a13e91dcd7717331a75

SHA512
e41a2f91730db8056f26585aec349650689ddb94949c452cfd74d46e314c214c5d1115ca4c92b83e1ec068a90e89256ec23db6d36b8d45354b8bdde09b68ebfa

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\unused-filename\node_modules\path-exists\index.js

Filesize
347B

MD5
80637efcf86a9be0842e685bd13e6d8e

SHA1
e67614299feaa6105ac0b8acff41fbad72d12215

SHA256
379a30047a60f8d7b3bbbc2fa1fa0362f53e11ab7e63859fedfa7f2e25a99601

SHA512
1d8b8da9439b323745aded07cf23ecf5c3319750af15e1be95c88faf1698bfca6d22feab50f1c7479f8b2cf6f8540120b9319650f058cb838410bf4f79ff3638

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\unused-filename\node_modules\path-exists\package.json

Filesize
607B

MD5
99ba5e8952c0bb3471b6b1611a0fc534

SHA1
dc362acdf83f36298d8ea6c823ac1d0b3b2096ea

SHA256
5e258d1a0d185ae469fec34de2af18913421b94181ef61238efcfe0b00d1b2c3

SHA512
58a128c36bcd8c92f5350025e1c2d2dadcc7ace674c904cdc11de109449e7ab883f3b7596722ddf57fe1148a361a866180bbec3de1ec81f83b6f747639e6fd10

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\unused-filename\package.json

Filesize
796B

MD5
f368f3eaad8a61f3aa7a124919f0597e

SHA1
ec409e5da5bd19492cb8964f3e183ad0707dfad1

SHA256
6b9349e7c64183490b92f87e8b8d80779df80eb9ffd1a74ea5a2cf5c68f0e525

SHA512
8c7a5fc1bd56865cccd1d76ffdbd0a51d94aafbeebe1464c3d0f72f727b05eb594e368239719e9bb7714c997a5025c42a6178608e1c612f2babb96bcddbfea6d

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\uri-js\dist\esnext\is-98SUK.tmp

Filesize
2KB

MD5
10d8cd218034e95aaf736527efdef7e9

SHA1
c6c817c167d253b816a519a24fc272505cf1d334

SHA256
9f3c5498245c38c9016a369795ec5ef1768d09db63643c8dba9656e5ab294825

SHA512
90c5e9c3106db0c435ecae0278699519a1c4389c0037e549a4b685f231523e3397b39e56e34fac7cffa9e1a35113722b965e4906a535548dea0e449df2b0f5c4

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\node_modules\uri-js\dist\esnext\schemes\is-VGHET.tmp

Filesize
108B

MD5
9b104059fa384d20d4f99137adff65f2

SHA1
48b9f9fe03f37da0019110022632fd2f0de9344b

SHA256
fb2f19ae967742423ded567ffc411b2c947a47813750a745e3de5fe3edf8a878

SHA512
dbdfffbaad5245a07ac744156d5c337d5c19aa40f1ed4a80bd25339bda727e25778609f5d5a23d376ceed67d4094f0e9d546426d0c66af7c993e57e59345ffe8

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\package.json

Filesize
2KB

MD5
857e30df64c13bf0727ee2ead8bfa2f5

SHA1
3e13022ab0b5e4cacd39057143bd1e84afc25290

SHA256
55ff762403ebc51104e87479de0f1b068ad2d30d926207710281c8f5c49d4d02

SHA512
ac0c4d4d2bbf11012dfa036e04d60199f8d2fbe3ec36742d70ae3719b012b506e35b905d435dc2e11aac4d37c00c415dfcbe23a1b5ee5d44923365fdf8ee8513

Download Submit
C:\Program Files (x86)\FlashBrowser\resources\app\store.js

Filesize
767B

MD5
2c06f435a197a2b802f0ed47febf45ba

SHA1
ba7bd77400751ced0562705221a651077083ee39

SHA256
f1bdf7d450eb72cd43adfbb5f9f94135d4ee4d1548e3db07493a1986f78b13b7

SHA512
071d2d76050ca37e6db4df946030981262cf64be1650c0b9ca396a4104ac3ad9bf55d192ca527f41ae33b9dbac183bc8ca12ae915886f7559692d6df9d7b6fca

Download Submit
C:\Program Files (x86)\FlashBrowser\v8_context_snapshot.bin

Filesize
166KB

MD5
8f9658093a87adefba1f1542d5e88e7c

SHA1
adf030c6e8579db6b9fb8f9bfb9e11fe63a9ec96

SHA256
a6357699c5ecec9fe34901813fededdf788bc3066a6548c7f868f0acc4caa5a3

SHA512
4b3c40510ac38fa282c5fc02572220b5c95a62161c869a0a86bcc66b621124901ac770ee36ce1d314b6ce4499a0027499827c734db1e270b9f266190885147e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4247617f52f2c1d553907d7b9f548bd3

SHA1
0a5b0a3d7010d546f25528a4178b6c9038bf0fe5

SHA256
eeb547ad21969b2b00e123928be239bad016ed5de279df47aaeeec3d756cdf6b

SHA512
cd86dfd363e056162ff7a081c98f4b7a10ef319a9f092489dbfc6dad643368bfc7ec7a9dac7bfab21d29c5c17d5bc1b89613e919f1442908fa766b765054018a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcb271ecc16bf7eafcca4edb3c68c8c5

SHA1
55810bbce2c2333fc8383742198c3c8ccc6d8801

SHA256
356208301856c9cdcfec7a57349b99d1d3881d3ff9f364ba78bc4229b65f7fe0

SHA512
a1a3c61d121f37dd68875c37f0da235404296654a88a54ffb34f5b01c50761919a7c2ac20f1808425acbf7bf3bddc8c7e9bda06bf7387612f17fbb9c0a190441

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab713C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar71BC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
909a1724437a1a7da3e42c40a63ba6fd

SHA1
1dc5ce150988509f3e5825c644d04a0b344e9a16

SHA256
3c2ecaeb51bcf9a627bbe4e288f556913ee23adfdf581248bac19fa6de4d076f

SHA512
cae64262129b46b5b5d464ee082b3d4fe23f5f8175a74199c5d1dde759bd2c6d57d92275a1e186e099deb8e077fa46ef4387a8e1cd03a07ae06d867ddad30833

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
294113203542b6bd1400a5c4e773b8b7

SHA1
de9226e287a620f013645826dbd7d06fb90dcf04

SHA256
a75858fe396d29a4bbd7ff5adf59af64285c2c59ce08607a652fcd0c5df0d9c9

SHA512
18bd6acf04cd549ff0d0e1b4f47ad92fac69f098dbae55505c2695cab471bfd572deaddf50ca7abf311595ca7b4a29ea4b74549f0fd681335f9d61a363d12a6f

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Network Persistent State

Filesize
557B

MD5
449baa1fa3845b20080d2041a3be06b2

SHA1
3ca3f251a1e867271384228d769a26835712f47a

SHA256
101697e9be570c26c358f62f52331ea5548506eb09fcb6aa7f36b3e91904818a

SHA512
fdddf7248d3f5d0b09f07df3011d2a1f03637e298239eefb9d61511401e22fd19322cf04ab0255f7a5293b3f4b1a8b8fe580c715c5ca1cbc06e5f890ed94e861

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Network Persistent State

Filesize
557B

MD5
586a876a7fdd742dc6e0ed8f0cabda02

SHA1
21f9f93ea8546e3b9e2dfaa671ae4e4ed98e470e

SHA256
1e01129e003fb4ec70f193b270ea3159ab3a0a729e0ffe35e71ca45ec3863cf8

SHA512
70a2c8501be09eb2dc5d73c4a9d5b3346a5e6a30ca26fdff2b8db8bbc65aba04d99cb52e2bb8818ae0540adca4d4291bf0efc9c3da09f15b85820f653edece5b

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\B2X54DDK\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
397B

MD5
18f13d5d50365841e15f38ff3b576470

SHA1
925af99273268c571faa7d8aec4ae16b3710fd28

SHA256
f5a513d977e777f36d61dbd5e2be3c737ade51f304a712f7955244264303adb4

SHA512
61f12376bcb1b41bd791f4b757a28241472e0857d6e25b2456d98b5d8511af1ee69a94a1d288799eb459aa6172ac63988af26694a1df4813e01b4ffa8ac1a326

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\B2X54DDK\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
1KB

MD5
ad5010fa0b604980dc20d4010f1eed8a

SHA1
53fa63ebb5eac235c5237efa11869b4c28759d61

SHA256
4da38e7201b3efb57724b3d72fe8f20509aaac1556ae58dd8c0343e87301f686

SHA512
9ec77085b541a932ca838cc922de6ce1459b70ffe864ed00553296b22aeff9ab3e4e419727f027d5ae6405855424447b96b99289aed934ac3c0a8eeaa53e50f2

Download Submit
C:\Users\Admin\AppData\Roaming\Flash Browser\Preferences

Filesize
132B

MD5
290c70a39ea236b46c05c02fc8a26323

SHA1
aa343a0ac0729d7e06a085ee0b7848ce4d77cabc

SHA256
4d211c3c6992897ae6071aeb81c65f405d206c5cd68befe046efdb5285fa8dcc

SHA512
0efdaefbc45fb1cd2aee8b5475d9f7456df48784fd045567093199489c23de7daebedcc5bbebca6b1a897574af74436cddc1f04604266c8e76514c94d4f1ad7c

Download Submit
\Users\Admin\AppData\Local\Temp\is-F9H0G.tmp\v0.81_FlashBrowser_x64.tmp

Filesize
3.2MB

MD5
15998f61d92d7535cdc9f6397164f699

SHA1
515887a6ba23cc70e01e708917924cc74cf579b0

SHA256
31cd09e3b00edff599cd745eabd6f0cff1518b1d32066f5f51385c2ab6eb5232

SHA512
104ed9ea7adb10fe367422931ee0e52ac0a9dc2eaed03b04122b7d3eaf162a9a5a402e420426121615c0d6986e159541c3d00fa018f2b494b1b43cc3e4368198

Download Submit
memory/1344-0-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1344-10-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/1344-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1344-4752-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/2044-11-0x0000000000400000-0x0000000000745000-memory.dmp

Filesize
3.3MB

Download
memory/2044-3388-0x0000000000400000-0x0000000000745000-memory.dmp

Filesize
3.3MB

Download
memory/2044-9-0x0000000000400000-0x0000000000745000-memory.dmp

Filesize
3.3MB

Download
memory/2044-4751-0x0000000000400000-0x0000000000745000-memory.dmp

Filesize
3.3MB

Download