Malware Analysis Report

2025-01-22 23:11

Sample ID 241207-zbr9xsxnfj
Target flash_decompiler.exe
SHA256 8702aca7ecd0552f596d6af97c397ffead6302182d8c87ae8dd3feea9dd8a5b4
Tags
banload discovery downloader dropper evasion persistence privilege_escalation trojan
score
10/10

Analysis Overview

score
10/10

SHA256

8702aca7ecd0552f596d6af97c397ffead6302182d8c87ae8dd3feea9dd8a5b4

Threat Level: Known bad

The file flash_decompiler.exe was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper evasion persistence privilege_escalation trojan

Banload

Banload family

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Loads dropped DLL

Network Service Discovery

Checks whether UAC is enabled

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-07 20:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-07 20:32

Reported

2024-12-07 20:35

Platform

win7-20241010-en

Max time kernel

141s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_176_ActiveX.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_176_ActiveX.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A

Network Service Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\Macromed\Flash\Flash64_14_0_0_176.ocx C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\system32\Macromed\Flash\FlashInstall.log C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\activex.vch C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\FlashPlayerApp.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File created C:\Windows\system32\Macromed\Flash\activex.vch C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.dll C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\Flash64_14_0_0_176.ocx C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File created C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.dll C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Drops file in Program Files directory


Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags = "65536" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/futuresplash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath = "C:\\Windows\\system32\\Macromed\\Flash" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName = "FlashUtil64_14_0_0_176_ActiveX.exe" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/x-shockwave-flash C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/futuresplash C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags = "65536" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy = "3" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath = "C:\\Windows\\SysWOW64\\Macromed\\Flash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags = "0" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName = "FlashUtil32_14_0_0_176_ActiveX.exe" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/x-shockwave-flash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Modifies registry class

Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\ = "Macromedia Flash Factory Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.11\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ = "Macromedia Flash Factory Object" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib\Version = "1.0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID\ = "FlashFactory.FlashFactory" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash\CLSID = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\ = "FlashBroker" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CurVer C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\ = "Shockwave Flash Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\ = "IFlashObject" C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.11\ = "Shockwave Flash Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1712 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp
PID 2140 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe
PID 2948 wrote to memory of 3040 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe
PID 2948 wrote to memory of 1668 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PID 2140 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe
PID 1544 wrote to memory of 1796 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

Processes

C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp

"C:\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp" /SL5="$5014E,27643739,119296,C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe" /install

C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe

"C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 1 -au 4294967295

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -install

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\is-GETVP.tmp\flash_decompiler.tmp

\Users\Admin\AppData\Local\Temp\is-TTHUP.tmp\_isetup\_shfoldr.dll

\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe

\Users\Admin\AppData\Local\Temp\{2E777A8E-D6BE-453C-A1F1-CA00F2662F8B}\fpb.tmp

\Users\Admin\AppData\Local\Temp\{637D76F9-D97E-49BE-8E80-F2DC687C8F44}\fpb.tmp

C:\Users\Admin\AppData\Local\Temp\{4CA29277-1D70-452D-8A67-429B777C77B4}\InstallFlashPlayer.exe

\Users\Admin\AppData\Local\Temp\{F10C18BE-B27C-4649-8923-83484684C875}\fpb.tmp

\Users\Admin\AppData\Local\Temp\{0E4E6BE9-507F-44C2-B4C5-E970B9676EF8}\fpb.tmp

\Windows\System32\Macromed\Flash\Flash64_14_0_0_176.ocx

\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\AutoUpdate.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avutil-50.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avcodec-52.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avformat-52.dll

\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\lame_enc.dll

\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\swscale-0.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-07 20:32

Reported

2024-12-07 20:35

Platform

win10v2004-20241007-en

Max time kernel

143s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Event Triggered Execution: Image File Execution Options Injection

persistence

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_176_ActiveX.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_176_ActiveX.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
N/A N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A

Network Service Discovery

discovery

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\Macromed\Flash\FlashInstall.log C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\Flash64_14_0_0_176.ocx C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File created C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.dll C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.dll C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\activex.vch C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\system32\Macromed\Flash\activex.vch C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File opened for modification C:\Windows\system32\Macromed\Flash\Flash64_14_0_0_176.ocx C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File created C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
File opened for modification C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\swscale-0.dll C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-KV6NE.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-7UHEG.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-IGNEE.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-3CPOI.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-8ATVV.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-2OB6O.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\AutoUpdate.dll C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tutorials\is-CTFST.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-N9EBL.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-T3LCE.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-CPM2U.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-NTLJ8.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\lame_enc.dll C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-DIIP2.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-HHNPH.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tutorials\is-7I6RE.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-DT45L.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-F2PJC.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\unins000.msg C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-75C4U.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avformat-52.dll C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avcodec-52.dll C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-VR8U1.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-09RCI.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-N54L1.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-A9P75.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-9H0M8.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\is-47BTP.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-FFPJT.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avutil-50.dll C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-1DSSV.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-DH502.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\localizations\is-O96CS.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File opened for modification C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
File created C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\is-RVR8D.tmp C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/futuresplash C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags = "0" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy = "3" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags = "65536" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\NAVIGATORPLUGINSLIST\SHOCKWAVE FLASH C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/x-shockwave-flash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000} C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath = "C:\\Windows\\system32\\Macromed\\Flash" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NAVIGATORPLUGINSLIST\SHOCKWAVE FLASH C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/futuresplash C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName = "FlashUtil64_14_0_0_176_ActiveX.exe" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}\Compatibility Flags = "65536" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\NavigatorPluginsList\Shockwave Flash\application/x-shockwave-flash C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags = "0" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppPath = "C:\\Windows\\SysWOW64\\Macromed\\Flash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}\AppName = "FlashUtil32_14_0_0_176_ActiveX.exe" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\ = "Shockwave Flash Object" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib\ = "{D27CDB6B-AE6D-11CF-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\ = "IFlashObject" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID\ = "FlashFactory.FlashFactory.1" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.spl\ = "ShockwaveFlash.ShockwaveFlash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash\Extension = ".spl" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID\ = "FlashFactory.FlashFactory.1" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\0 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\TypeLib\ = "{57A0E746-3863-4D20-A811-950C84F1DB9B}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib\Version = "1.1" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib\ = "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\ = "Macromedia Flash Paper" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D62F405A-97CC-641B-93FE-D85298F2F3AF}\InProcServer32\ = "%SystemRoot%\\SysWow64\\windowscodecs.dll" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib\ = "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.14 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.13\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\ = "FlashBroker" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.spl\Content Type = "application/futuresplash" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ = "C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib\ = "{D27CDB6B-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.13\CLSID C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.14\CLSID C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash\Extension = ".spl" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D62F405A-97CC-641B-93FE-D85298F2F3AF}\InProcServer32 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D} C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.1\0\win32 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32\ = "C:\\Windows\\system32\\Macromed\\Flash\\Flash64_14_0_0_176.ocx, 1" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ = "_IShockwaveFlashEvents" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\ = "Shockwave Flash Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\Shell\Open with Flash Decompiler\command C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory.1\ = "Macromedia Flash Factory Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000} C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib\ = "{D27CDB6B-AE6D-11CF-96B8-444553540000}" C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.1\0 C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\ = "Macromedia Flash Factory Object" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID\ = "ShockwaveFlash.ShockwaveFlash" C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3644 wrote to memory of 3648 N/A C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp
PID 3648 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe
PID 1788 wrote to memory of 2108 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe
PID 1788 wrote to memory of 4404 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PID 3648 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe
PID 3160 wrote to memory of 4188 N/A C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

Processes

C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe

"C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp

"C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp" /SL5="$C006C,27643739,119296,C:\Users\Admin\AppData\Local\Temp\flash_decompiler.exe"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe" /install

C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe

"C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe" -install -skipARPEntry -iv 1 -au 4294967295

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -install

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe"

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

"C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-R21SM.tmp\flash_decompiler.tmp

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\tools\install_flash_player_14_active_x.exe

C:\Users\Admin\AppData\Local\Temp\{93FCFA57-F480-412E-A435-5455739B407E}\fpb.tmp

C:\Users\Admin\AppData\Local\Temp\{FAE51B55-9669-4FA6-B9CD-BCB746DBA432}\fpb.tmp

C:\Users\Admin\AppData\Local\Temp\{6B1CEEE4-211D-4C28-B43C-62FED5E4094E}\InstallFlashPlayer.exe

C:\Users\Admin\AppData\Local\Temp\{EEEF41B0-B423-4311-8EDB-49C0FD893E5D}\fpb.tmp

C:\Users\Admin\AppData\Local\Temp\{5071411A-F658-4094-B289-FC2737F47948}\fpb.tmp

C:\Windows\System32\Macromed\Flash\Flash64_14_0_0_176.ocx

C:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_176.ocx

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\FlashDecompiler.exe

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\AutoUpdate.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\lame_enc.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avcodec-52.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\swscale-0.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avformat-52.dll

C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\avutil-50.dll
