ec28a2158a01b865d15a95805eee56100061a9c5ad7262c078668016a7ff374b

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe
Size

2.3MB
MD5

826bac4a36729fbd2cae710adcec5a60
SHA1

4fca69b9ce3d2dd835d8b823300ca9a50c44cff0
SHA256

ec28a2158a01b865d15a95805eee56100061a9c5ad7262c078668016a7ff374b
SHA512

1fe2cfe5fdf92b448ada02e20c4737760e19d938d33f541d114dfd447510cc45648a641b994ab3dc91f3782d61a28a832f4574e7041e78461ec211926acbefc0
SSDEEP

49152:diXNYl1dnAUV3cfxPa5aHHW1vo5R8qa2Vb/jyR2hwrT4AV14T6fjCgfP+R3AxDgz:did/b2INT6fh+RwKlsY

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	install_flash_player_ax.exe

Executes dropped EXE 3 IoCs

pid	Process
1636	install_flash_player_ax.exe
4136	install_flash_player_ax.exe
1920	install_flash_player_web.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023c9e-4.dat	upx
behavioral2/memory/1636-14-0x0000000000630000-0x00000000006AA000-memory.dmp	upx
behavioral2/memory/4136-44-0x0000000000D40000-0x0000000000DBA000-memory.dmp	upx
behavioral2/memory/1636-47-0x0000000000630000-0x00000000006AA000-memory.dmp	upx
behavioral2/memory/4136-116-0x0000000000D40000-0x0000000000DBA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1416	1920	WerFault.exe	92

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	install_flash_player_ax.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	install_flash_player_ax.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	install_flash_player_web.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	install_flash_player_ax.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	install_flash_player_ax.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	install_flash_player_ax.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	install_flash_player_ax.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	install_flash_player_ax.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3048	826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe
Token: SeRestorePrivilege	3048	826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4136	install_flash_player_ax.exe
4136	install_flash_player_ax.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 4460	3048	826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe	84
PID 3048 wrote to memory of 4460	3048	826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe	84
PID 3048 wrote to memory of 4460	3048	826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe	84
PID 4460 wrote to memory of 1636	4460	cmd.exe	87
PID 4460 wrote to memory of 1636	4460	cmd.exe	87
PID 4460 wrote to memory of 1636	4460	cmd.exe	87
PID 1636 wrote to memory of 4136	1636	install_flash_player_ax.exe	91
PID 1636 wrote to memory of 4136	1636	install_flash_player_ax.exe	91
PID 1636 wrote to memory of 4136	1636	install_flash_player_ax.exe	91
PID 4460 wrote to memory of 1920	4460	cmd.exe	92
PID 4460 wrote to memory of 1920	4460	cmd.exe	92
PID 4460 wrote to memory of 1920	4460	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\826bac4a36729fbd2cae710adcec5a60_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /e:10000 /c "c:\temp\SETUPBAT.BAT"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4460
- - \??\c:\temp\install_flash_player_ax.exe
    c:\temp\install_flash_player_ax.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of WriteProcessMemory
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\install_flash_player_ax.exe
      "C:\Users\Admin\AppData\Local\Temp\install_flash_player_ax.exe" {RemoveFile:c:\temp\install_flash_player_ax.exe}
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4136
- - \??\c:\temp\install_flash_player_web.exe
    c:\temp\install_flash_player_web.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 400
      4⤵
      Program crash
      PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1920 -ip 1920
1⤵
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5

Filesize
1KB

MD5
1ba25895dc793e6826cbe8d61ddd8293

SHA1
6387cc55cbe9f71ae41b2425192b900a1eb3a54f

SHA256
cc4c5c999ca59e5a62bc3ffe172a61f8cf13cc18c89fe48f628ff2a75bdc508a

SHA512
1ff9b34fdbeae98fa8b534ba12501eb6df983cc67ce4f8ffc4c1ff12631aa8ed36ff349c39a2186e0ac8d9809437106578a746eec3854b54fef38a3cc0adb957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6

Filesize
73KB

MD5
a703cd922ea460e372f5a37e9ad67149

SHA1
bef81097e4bb0c99576b132e3604e63319187547

SHA256
5a467bb1f4c2d58886eca4eeb30587ec387f87055df6c8741ab8426c8eab3367

SHA512
3f3605c3f8f4256acf44f20e79edc2c885a75b3bc036dac7d3ba2c9e06a5e6a437c5611180fed52877cea045d6e9466c19a699f79396498f7fc130ecfe8286fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_DBC0394482C86DF73874BFA8B90905A8

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5

Filesize
182B

MD5
ad960c563d2fcfc7cb64cc85862ee994

SHA1
eef74124b50fb67319b4aaf3811912a0ac182b2d

SHA256
376d86cbfb79bd6ceb328bddc1dd9c29b55e7d55daaeb6a8bef20669cf1b43c4

SHA512
ae9f92a4c9dadcd76b19ef187b31de97ef05527ffbc225059b69ebd2fc187b93cb0ad90b748cba475f269aa6d241ecb720c6832fd4b435eceab4bd4a120e229a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6

Filesize
212B

MD5
f09d8c605eac18137108e4c491490d4c

SHA1
2523988d5fd0a67870244e08a1d4e43bd678d6e7

SHA256
a2303a9c170742b9a18c7832db52ebbfd3aea492be4acece5f1970253b50bc5a

SHA512
94f08243ffcff6eb9deef9f03f5d93cef046f829e826e99d059820a41f45bc7e4a2cd3148e659dd28e9db9eacafa2eb818366aab2bcd91ccfb27589eb52bd6ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_4069BD6CA0A97DCB6D4110B1A16AB213

Filesize
404B

MD5
1f75f37aaa2db92d6a14dc81c190a331

SHA1
ab85e3e709b7cacd710d918514811ccb3f865eee

SHA256
bde5306107cc305d7e99b79f4a2242559291b189b96832049e25b09a68838779

SHA512
7feb90dc981d4a34bab05bd9c2c3db3545a6441ce650ef47b9d9a2b74c6de0e359f2fdd8f501a0e2982f025a560551037ae94c7439909ba2d77c4bb4cc0bdebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_DBC0394482C86DF73874BFA8B90905A8

Filesize
404B

MD5
f98ad4039f8c331fb15e4baba50786f9

SHA1
eebc969b043d15e7e7bbd8f408f05585c5f9414b

SHA256
5aacc232c72f12e8ce3a69e824d3de79b31e12bc59a9a0f885a22878ff627a3d

SHA512
92b4541abf3303f9836d91a0bc40bf2b3d61ab5c0519ff535ecf0f682ca2fb96b44d0f1fbf39b2bfba16a47662e022f1f995f5d86a265a7cb57f46eb46f3a08f

Download Submit
C:\temp\install_flash_player_ax.exe

Filesize
966KB

MD5
fb16e53712cde8512080680c4452a1cf

SHA1
d7e94ddf4a0d83d22f88e8019ec1101e9baaeb3d

SHA256
12d17f14b6087f12cc3f7a0c119f1155d75d112d84ef62e6f57e1650edf7b224

SHA512
2e19792e2f95a0ed9b173dc53fdcd523af04df8fdab249febdd8ccfd91e16e10af3131fea0440badff7cc86cc783aa7dfeac3d1b11de1adef9ed7af9a8452fbf

Download Submit
\??\c:\temp\SETUPBAT.BAT

Filesize
1KB

MD5
1e1dced00287a9e384bbbbe5f98aec8d

SHA1
8414c5fec1e0e112eb24b6ad7ff50c1f56753cad

SHA256
69bb06d604f6c96d2718388da6a26a7a9e12f3ccf7420cd2c65f78939c652340

SHA512
266ca049a922e3135ffdd58a120b6de0feb882c082cc738d53e8a24ec87e24012c08c52e2b1eb84caeb461e62ab342bd006c72ed202104fcef21307ea17583d7

Download Submit
\??\c:\temp\install_flash_player_web.exe

Filesize
540KB

MD5
ac9882ce10dcc80305edea31946f116e

SHA1
9731d9d6fcab4918c9e28c73bb3933d0334a2914

SHA256
91575fcb5fbd0b89f821d7828a498543bbc0c189b0f733aef39dbd4552f83c27

SHA512
e6f6cd00bf82189af22a36dbb2af3a3961c9c55b7c662255556240330f886690714454bd4b8733fb8d4a5d928401d27d5ba7ee86d42a8f5a2fad11b9b72cbdfb

Download Submit
memory/1636-47-0x0000000000630000-0x00000000006AA000-memory.dmp

Filesize
488KB

Download
memory/1636-14-0x0000000000630000-0x00000000006AA000-memory.dmp

Filesize
488KB

Download
memory/4136-44-0x0000000000D40000-0x0000000000DBA000-memory.dmp

Filesize
488KB

Download
memory/4136-116-0x0000000000D40000-0x0000000000DBA000-memory.dmp

Filesize
488KB

Download