Analysis Overview
SHA256
eabc658deece003f4e76ef76fd0932a0a2d91e63725bb11daf07dc7052689b76
Threat Level: Known bad
The file Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe was found to be: Known bad.
Malicious Activity Summary
R77 family
r77 rootkit payload
Downloads MZ/PE file
Executes dropped EXE
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-03 14:40
Signatures
R77 family
r77 rootkit payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-03 14:40
Reported
2023-08-03 14:45
Platform
win10v2004-20230703-es
Max time kernel
272s
Max time network
277s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe | N/A |
Enumerates physical storage devices
Program crash
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Sin confirmar 85798.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe275846f8,0x7ffe27584708,0x7ffe27584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5784 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8 0x418
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe
"C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 384 -ip 384
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 384 -s 2636
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe
"C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 4920 -ip 4920
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4920 -s 2400
C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe
"C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 492 -p 3932 -ip 3932
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3932 -s 2476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9581:182:7zEvent14830
C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
"C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe275846f8,0x7ffe27584708,0x7ffe27584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,8147163468357850979,7671805936562848729,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
Network
Files
memory/3400-135-0x0000014B3FCE0000-0x0000014B3FD14000-memory.dmp
memory/3400-138-0x00007FFE26110000-0x00007FFE26BD1000-memory.dmp
memory/3400-139-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-140-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-141-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-142-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-143-0x0000014B5E030000-0x0000014B5E050000-memory.dmp
memory/3400-144-0x0000014B5E020000-0x0000014B5E028000-memory.dmp
memory/3400-145-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-146-0x0000014B5E0C0000-0x0000014B5E0F8000-memory.dmp
memory/3400-147-0x0000014B5E090000-0x0000014B5E09E000-memory.dmp
memory/3400-148-0x0000014B5F060000-0x0000014B5F162000-memory.dmp
memory/3400-152-0x0000014B5EFA0000-0x0000014B5EFE6000-memory.dmp
memory/3400-162-0x00007FFE26110000-0x00007FFE26BD1000-memory.dmp
memory/3400-163-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-164-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-165-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
memory/3400-166-0x0000014B403D0000-0x0000014B403E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f6f47b83c67fe32ee32811d6611d269c |
| SHA1 | b32353d1d0ed26e0dd5b5f1f402ffd41a105d025 |
| SHA256 | ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc |
| SHA512 | 6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d |
\??\pipe\LOCAL\crashpad_4628_AFKIDPOYAVKZJZKU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8f8f6647fac9efbbc6c6ee8fec1f796 |
| SHA1 | 09975d4f9ae44cc086cb321cf3b2f9b5ec9e4d02 |
| SHA256 | 393ab3dd1d8f666d2e5aad59c0f873f4cb633fd1230ed797ea2daa2fc2efcef4 |
| SHA512 | 3d3d4d0705dfd548c1f16ace550c7326ca495ee26a14bc58d4bba7b64e504d4e14b0b6363659418baf5d4a3e9a934b270476869708e48634c9a09a41a335feb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
| MD5 | dec6bbe308eb44937f77160a25ee32db |
| SHA1 | 8f08a4b641b564b67205e00106ca6bd9ca46fc6e |
| SHA256 | 68a71de28f488586c2b169f4652347e0a1fd632d48a6d6725393607bfa18bc7e |
| SHA512 | 6c2d684af52588cfd34a682337749b829c2336b34d6add7e8bd6e0c641862c26889617b4d6e9f298fd177b89527deb696c493a205ea8490bb8aee60090a68475 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
| MD5 | 7acd7edc16d9afd639f4e264f343912c |
| SHA1 | bfc72f463715132ece8f47361c516504e84b58ba |
| SHA256 | d9b6af93c3f75d5bb003a1c024b849bd4b780c17912d35f1578c6d3ec5d56b2f |
| SHA512 | e31009e11c9a3b7ccae3227d43b9299300c0aab64456d2391703cda3d05fcca8dfae5311617acd957ecf8c0b4618226bbd2dba922649a346376e4d5680eed8fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 5aba5b4e1d3a118908d847e7657a4664 |
| SHA1 | aa6c01d95569fc0223fa84e238ce38fbbca7d80e |
| SHA256 | 70d73672c03b91d8257603278eac4658fb0cb791e425d8258e77bebba8d741dd |
| SHA512 | aebbee2e6a3902cb9d47bdf5aff39e119fadf878c6a75ed867280159e285270a78e9a52b15204158b1bafaa6169bfea1e893cd3cc480e2aa8a5dd01c5d8986f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 27d16b41e51cbfb65e80f6c6be14d7f2 |
| SHA1 | 219ea75ee1e2fc78396779f3f04d188253f53be0 |
| SHA256 | d56fde9da42c8415ec1065f7dbebdf44216d601c0568c48ad1633163b7b75139 |
| SHA512 | d1107a3d3dfc23e80ab84cba39b304aeea3f19a945b3a79fce41425efba72bd98051acf4c3341ea655155e56ab03c625f99bb1e50fc7fb1b63739a7731ced595 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aec0dd5b2f758839db530854bde53cf9 |
| SHA1 | 53147e19206b41ceaecd537b2ac16b75fb3013f2 |
| SHA256 | 01da4a7cd2644564625cc552031e21f63ae666b1a8efd951815c733f4a08067d |
| SHA512 | 462cc5abaa4553b4b96985cc317c07765db171ef239391affb55807656c6c980b62378891a6178f4e9bc635bf64e13d50918fe717940bb3c06a7ef52d06bd11e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 683a6b5a1cd5ecfeda48255a5851a33e |
| SHA1 | 1b3dce2fdc852b0ad92c43d4fc57d24a4d36dcb9 |
| SHA256 | c11bcdc7b625da7de7a95ee0fcfea0818ce1330c5765f5680d32083e9498bc1c |
| SHA512 | 9daf9bc4d2c421f73545fae7792b0f7407f457c8a708dd91057c0fa973f780d317f0733aa0e62db38bb81c270422ad6cd38b24e18cf5cc2e00f4062ddaf6a3ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5544c64f2a8f49dabc19eb84267b1c9b |
| SHA1 | c5b78d63a8bab1c7b985f7ea2f268d0d7809071e |
| SHA256 | a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f |
| SHA512 | 38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | c15d33a9508923be839d315a999ab9c7 |
| SHA1 | d17f6e786a1464e13d4ec8e842f4eb121b103842 |
| SHA256 | 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98 |
| SHA512 | 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06 |
C:\Users\Admin\Downloads\0ef0b966-3668-4789-8cd9-63f75d917c04.tmp
| MD5 | 2d82b826eec6d56317e9ea66fc5b1845 |
| SHA1 | 101ea434c27f31c3794b860a533635f6eeaf1f2a |
| SHA256 | 59aa7ec252c7ed280b468ab516a970b1a4efb0736bf96ae5b7da8137a6c167f0 |
| SHA512 | 86ace1d528c66e8e7f02afe24a6a201c8acbf3618b2269c4641ebae28c505d90effae139b2c601c13a3af21674952213068215145b20ae9725e9d336c396faba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b668604315328494cb2d701424e635d3 |
| SHA1 | c14f5dfe6ccccbd95a0db63bc953eb743821bd1c |
| SHA256 | 36e374c285829efaad422c556a22f42d0369e5a06d42b23401ee16fca0bfa83f |
| SHA512 | fe9afb4f5f0e647a50658baa66b164f9c7a5244d269cd990173ffe451177a7651bc5c7f41a03a3f3f19c83e4d6539eccccf83441d938cb9f786d3f4a176a5111 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 700517ae9d1334f3b938007f062b5004 |
| SHA1 | a8cda021ad6f9b57b24a0fa1f41a35913691e1f3 |
| SHA256 | c9d948a86cc9f84dcfe945a160e941cc3cb2eb6ea2cd4e8498541385cd4e44ef |
| SHA512 | 35ed238a56c4ef36cb4e880bdcae0345f96d867809985557688f7dca7ed7bff1f80fcd187cc7405d76c77198a348e71740a5d9fd2117264cdd94746691ce1148 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dace23519a06810b241df3d58d4f67b7 |
| SHA1 | df38fa044d132fa0a042ccf38a39417b51020526 |
| SHA256 | dd8908faa10142f2ce9974fc11ce9e387a1d91c25277bd9f6a5ba248dbcecfe5 |
| SHA512 | d69ff5381e6be681a9fbff0c3a18d839dbc20252605869dd717d521da7d55f2a0ed33def066a32f25e60a4c5abb0891f03eacc3a9dbdcfcfc89a1de7a33d0cc2 |
C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe
| MD5 | 2d82b826eec6d56317e9ea66fc5b1845 |
| SHA1 | 101ea434c27f31c3794b860a533635f6eeaf1f2a |
| SHA256 | 59aa7ec252c7ed280b468ab516a970b1a4efb0736bf96ae5b7da8137a6c167f0 |
| SHA512 | 86ace1d528c66e8e7f02afe24a6a201c8acbf3618b2269c4641ebae28c505d90effae139b2c601c13a3af21674952213068215145b20ae9725e9d336c396faba |
C:\Users\Admin\Downloads\Resident Evil 4 Trainer - FLiNG.exe
| MD5 | 2d82b826eec6d56317e9ea66fc5b1845 |
| SHA1 | 101ea434c27f31c3794b860a533635f6eeaf1f2a |
| SHA256 | 59aa7ec252c7ed280b468ab516a970b1a4efb0736bf96ae5b7da8137a6c167f0 |
| SHA512 | 86ace1d528c66e8e7f02afe24a6a201c8acbf3618b2269c4641ebae28c505d90effae139b2c601c13a3af21674952213068215145b20ae9725e9d336c396faba |
memory/384-606-0x000001CEA5350000-0x000001CEA5376000-memory.dmp
memory/384-607-0x00007FFE26110000-0x00007FFE26BD1000-memory.dmp
memory/384-608-0x000001CEA6F90000-0x000001CEA6FA0000-memory.dmp
memory/384-610-0x000001CEA6F90000-0x000001CEA6FA0000-memory.dmp
memory/384-611-0x000001CEA6F90000-0x000001CEA6FA0000-memory.dmp
memory/384-612-0x000001CEA6F90000-0x000001CEA6FA0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E3D8ZC6J\setup[1].htm
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\34SFYBWV\Inter-Thin-0f080c40c6[1].woff
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PQKW7621\Inter-Light-0f0118feb7[1].woff
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1Y0EG8YX\Inter-ExtraLight-7d759358c1[1].woff
C:\Users\Admin\Downloads\Resident.Evil.4.v1.0-v20230424.Plus.36.Trainer.Updated-FLiNG.zip
C:\Users\Admin\AppData\Local\Temp\FLiNGTrainer.tmp
C:\Users\Admin\AppData\Local\FLiNGTrainer\TrainerSettings.ini
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index