Malware Analysis Report

2024-12-08 02:30

Sample ID: 230803-r1y5rseg51
Target: Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe
SHA256: eabc658deece003f4e76ef76fd0932a0a2d91e63725bb11daf07dc7052689b76
Tags: r77
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe was found to be: Known bad.

Malicious Activity Summary

r77

R77 family

r77 rootkit payload

Downloads MZ/PE file

Executes dropped EXE

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-03 14:40

Signatures

R77 family

r77

r77 rootkit payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-03 14:40

Reported

2023-08-03 14:45

Platform

win10v2004-20230703-es

Max time kernel

272s

Max time network

277s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe"

Signatures

Downloads MZ/PE file

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Sin confirmar 85798.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3400 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 3308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 3452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe275846f8,0x7ffe27584708,0x7ffe27584718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5784 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a8 0x418

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=6400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8

C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe

"C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 452 -p 384 -ip 384

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 384 -s 2636

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe

"C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 544 -p 4920 -ip 4920

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4920 -s 2400

C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe

"C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 492 -p 3932 -ip 3932

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3932 -s 2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9581:182:7zEvent14830

C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe

"C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe275846f8,0x7ffe27584708,0x7ffe27584718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

Network


Files
