Malware Analysis Report

2024-11-30 05:10

Sample ID 240521-rww5lshd3x
Target https://mi-hack.com/cheat/fivem
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mi-hack.com/cheat/fivem was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 14:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 14:33

Reported

2024-05-21 14:37

Platform

win10v2004-20240508-en

Max time kernel

230s

Max time network

231s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mi-hack.com/cheat/fivem

Signatures

Lumma Stealer

stealer lumma

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe N/A
N/A N/A C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe N/A
N/A N/A C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1988 set thread context of 7204 N/A C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
PID 7348 set thread context of 7812 N/A C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 972 wrote to memory of 4348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 972 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mi-hack.com/cheat/fivem

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,15713947542499547878,17655914619934138063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KFlauncher\" -spe -an -ai#7zMap14482:82:7zEvent20263

C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe

"C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe

"C:\Users\Admin\Downloads\KFlauncher\KFlauncher.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 mi-hack.com udp
RU 31.31.196.157:443 mi-hack.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 157.196.31.31.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 yuqucheats.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
US 104.21.81.156:443 yuqucheats.com tcp
US 104.21.81.156:443 yuqucheats.com tcp
US 8.8.8.8:53 userstat.net udp
US 104.21.68.52:443 userstat.net tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 156.81.21.104.in-addr.arpa udp
US 8.8.8.8:53 52.68.21.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:443 www.mediafire.com tcp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 172.67.170.144:443 www.ezojs.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
DK 18.173.5.82:443 cdn.amplitude.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
GB 142.250.187.238:443 translate.google.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
BE 74.125.133.156:443 stats.g.doubleclick.net tcp
GB 142.250.179.234:443 translate.googleapis.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 44.239.44.141:443 api.amplitude.com tcp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 g.ezodn.com udp
NL 23.63.101.171:80 apps.identrust.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.21.87.79:443 g.ezodn.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
BE 74.125.133.156:443 stats.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 82.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 31.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 173.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 156.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.44.239.44.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 188.114.96.2:443 bshr.ezodn.com tcp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 52.49.45.15:443 bcp.crwdcntrl.net tcp
IE 34.255.81.198:443 bcp.crwdcntrl.net tcp
DK 143.204.237.111:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 198.81.255.34.in-addr.arpa udp
US 8.8.8.8:53 111.237.204.143.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 script.4dex.io udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 51.75.86.98:443 onetag-sys.com tcp
IE 54.228.103.145:443 ap.lijit.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 185.83.69.58:443 ghb.adtelligent.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
DK 143.204.247.175:443 cdn.prod.uidapi.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
DK 143.204.237.77:443 hb.yellowblue.io tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 id5-sync.com udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
IE 54.228.103.145:443 ap.lijit.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.102.146.192:443 oa.openxcdn.net tcp
GB 142.250.187.196:443 www.google.com udp
DE 162.19.138.120:443 id5-sync.com tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
DE 51.75.86.98:443 onetag-sys.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 ghb1.adtelligent.com udp
US 23.227.151.242:443 ghb1.adtelligent.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 71431110aecf45281a2acfc1382481c6.safeframe.googlesyndication.com udp
US 34.120.135.53:443 oajs.openx.net udp
GB 172.217.169.65:443 71431110aecf45281a2acfc1382481c6.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 58.69.83.185.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 175.247.204.143.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 77.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 145.103.228.54.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 242.151.227.23.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.70:443 gem.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
NL 185.235.87.62:443 ag.gbc.criteo.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 download2362.mediafire.com udp
US 199.91.155.103:443 download2362.mediafire.com tcp
US 199.91.155.103:443 download2362.mediafire.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 70.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 62.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 sys.ctrackapp.com udp
DK 143.204.237.69:443 sys.ctrackapp.com tcp
DK 143.204.237.69:443 sys.ctrackapp.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 track.donecperficiam.com udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 hbx.media.net udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
IE 18.203.106.185:443 ce.lijit.com tcp
DK 18.173.5.96:443 track.donecperficiam.com tcp
US 8.8.8.8:53 c3.a-mo.net udp
US 104.18.38.76:443 js-sec.indexww.com tcp
DK 18.173.5.96:443 track.donecperficiam.com tcp
NL 79.127.227.46:443 c3.a-mo.net tcp
SE 104.73.92.198:443 ads.pubmatic.com tcp
SE 104.73.92.22:443 hbx.media.net tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
SE 104.73.92.198:443 ads.pubmatic.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 103.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 69.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 185.106.203.18.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
DE 52.29.4.131:443 rtb.mfadsrvr.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
FR 91.134.110.132:443 ssbsync-global.smartadserver.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 b1sync.zemanta.com udp
GB 185.64.190.79:443 image8.pubmatic.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DK 143.204.237.52:443 api-2-0.spot.im tcp
IE 52.214.140.212:443 match.prod.bidr.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 50.31.142.223:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 2.17.251.37:443 player.aniview.com tcp
NL 81.17.55.122:443 ssbsync.smartadserver.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
GB 216.58.212.194:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 sync.adtelligent.com udp
US 8.8.8.8:53 96.5.173.18.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 198.92.73.104.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 22.92.73.104.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 131.4.29.52.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 132.110.134.91.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 212.140.214.52.in-addr.arpa udp
US 8.8.8.8:53 52.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 93.43.17.104.in-addr.arpa udp
US 8.8.8.8:53 223.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 122.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 37.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
GB 185.83.71.234:443 sync.adtelligent.com tcp
US 8.8.8.8:53 spl.zeotap.com udp
US 104.22.50.98:443 spl.zeotap.com tcp
US 50.31.142.223:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 54.146.53.134:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
DE 52.29.4.131:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 54.90.213.12:443 cs-server-s2s.yellowblue.io tcp
IE 52.50.65.213:443 jadserve.postrelease.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 74.121.140.211:443 sync.mathtag.com tcp
US 8.8.8.8:53 bttrack.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 234.71.83.185.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 175.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 134.53.146.54.in-addr.arpa udp
US 8.8.8.8:53 213.65.50.52.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 12.213.90.54.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 cdn.indexww.com udp
GB 216.58.212.194:443 cm.g.doubleclick.net udp
GB 185.64.190.84:443 ow.pubmatic.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
GB 142.250.179.234:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 sync.smartadserver.com udp
FR 5.196.111.72:443 sync.smartadserver.com tcp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 ice.360yield.com udp
IE 54.75.186.234:443 ice.360yield.com tcp
US 8.8.8.8:53 u.openx.net udp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 72.111.196.5.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 234.186.75.54.in-addr.arpa udp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.6.237:443 cm.adform.net tcp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
DK 143.204.237.61:443 s.ad.smaato.net tcp
US 8.8.8.8:53 237.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 61.237.204.143.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 corruptioncrackywosp.shop udp
US 104.21.92.10:443 corruptioncrackywosp.shop tcp
US 8.8.8.8:53 10.92.21.104.in-addr.arpa udp
US 8.8.8.8:53 museumtespaceorsp.shop udp
US 104.21.32.80:443 museumtespaceorsp.shop tcp
US 8.8.8.8:53 buttockdecarderwiso.shop udp
US 172.67.218.187:443 buttockdecarderwiso.shop tcp
US 8.8.8.8:53 80.32.21.104.in-addr.arpa udp
US 8.8.8.8:53 averageaattractiionsl.shop udp
US 172.67.220.163:443 averageaattractiionsl.shop tcp
US 8.8.8.8:53 femininiespywageg.shop udp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 8.8.8.8:53 employhabragaomlsp.shop udp
US 104.21.85.81:443 employhabragaomlsp.shop tcp
US 8.8.8.8:53 stalfbaclcalorieeis.shop udp
US 188.114.97.2:443 stalfbaclcalorieeis.shop tcp
US 8.8.8.8:53 187.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 163.220.67.172.in-addr.arpa udp
US 8.8.8.8:53 63.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 81.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 civilianurinedtsraov.shop udp
US 172.67.197.146:443 civilianurinedtsraov.shop tcp
US 8.8.8.8:53 roomabolishsnifftwk.shop udp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp
US 8.8.8.8:53 146.197.67.172.in-addr.arpa udp
US 8.8.8.8:53 87.55.21.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 104.21.92.10:443 corruptioncrackywosp.shop tcp
US 104.21.32.80:443 museumtespaceorsp.shop tcp
US 172.67.218.187:443 buttockdecarderwiso.shop tcp
US 172.67.220.163:443 averageaattractiionsl.shop tcp
US 172.67.141.63:443 femininiespywageg.shop tcp
US 104.21.85.81:443 employhabragaomlsp.shop tcp
US 188.114.97.2:443 stalfbaclcalorieeis.shop tcp
US 172.67.197.146:443 civilianurinedtsraov.shop tcp
US 104.21.55.87:443 roomabolishsnifftwk.shop tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_972_YRJREVSEGFCHAJVA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 204fd9973154f3bb6905ba2b661699b1
SHA1 7b343f58d7656fee9423c6cb70e30af6b75f504a
SHA256 4def0ee733b9c33b9b3b01484f80627ee37d7bd50a641989b6bd514537cd4c81
SHA512 be26f1b9133e7eb50d73db96f5fa5b57377e04caa0790336ef3517f9a225fc1b7f7df78c4f7a1b0765f06b43c66e9e43ae69b63397d724e36e0566f3ee8c9c4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17a94559f6b948bed5ac6a320b5de7dc
SHA1 bdbc09c524ef2ec9f2890bafaa7a77967961435b
SHA256 3e99688c6bb5e188a818bcfe69dc01128046c20712870b941b976c52ca87d767
SHA512 216cfa464ea420e7184a93fb0f0ea95d3e89f55fbc66d3adce46ae4a0f8f517cfd49c09c23d1fffb122ebf9821b3f57158cfd085ebad9be920ff5f9822b384cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c45f5536604623aa168f537e5471c8e5
SHA1 f6e93a056e620f1cd22d2a23ecf9c5024adb8a55
SHA256 cc2d248b13884168702611847207c3a853a2373c86a565a400562d3343434e12
SHA512 49e58715f144b226f22c51dbf1067062f427bc6d744144eec04665c96f1216cb21b94be3a283254bd01b52d43447ad7c9f769e7515ed791befc9c497ccdf6022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 253ef5bffedfea748ecda742d2389c18
SHA1 2ccb5e579777b83300984eb72ea88686a19b9ad8
SHA256 6738ea10b89214b2baf5af208fd310ea3b18685ef9769b1b470edb46dcf6beff
SHA512 67f2befcf08ba985b74430d28a043bfa731e9a863ae990ac1bf8453be3577ad4e5dc0a81841aa05e989d01ef244ea0a0977bf5892438572146fcc072a50c7145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6e36f77d46223f7a0272ca862a25ae95
SHA1 265b09ca27ef4da7eaa9c9cc95527b224a2d5348
SHA256 fbc47e9ba8ddb15e3be342bad234926bae1c9ed062b2dd2719d035b72d337101
SHA512 b6f21e34be70c91b48b3b7d870510faba1b0e50350606ae01e54386869351c595cee353414f921f5392042eb3e810099d30fbd41a0e1e7b7029feed917d3bdff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba76.TMP

MD5 dbe30913924c14a05811b2ecc6f15ced
SHA1 f62e08f6713c785f666a3b8018203a1efa442364
SHA256 6ff9089ff1581050bfe0d9d21d4c9793bb76cabe2b3df622528edd369579de32
SHA512 32fd1542ac67e5369a27aeb3e78cd5bce5dd3a2fe4882f23b00b3cbf3b5498cfdb2ec08cfc0c7247b4b2bc9fbb8ad39262f353b088e6584902a08997c0aeaae8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 834b9ce2c2a431e40e86972bfd5a0077
SHA1 6088dbccd5bebcbf9876811cc07d0985cf25f820
SHA256 fde03a309bdee7d99bb034e4ec93bc3fe41d4913903d20888dc5821e1a0d6b8a
SHA512 fc5148667d1a25649e190e8a564ac3b0e2def2754f495306473638ef541507a759b372539bd606bc305a042c1ae5576a5e25ef78a36ac297b3e52d7c6d620d34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11ea5066be371a349e33c3c3830f39b7
SHA1 2f32b8e97b88c4d2e57a86ac230b37cb48115a78
SHA256 fa47ed10d6bb5e6ad781539f0085f664457973e12cf93940aee4996fda3c791a
SHA512 3dd8713402002c4bc5fdf55b6f54573225c2f8ef358d7e0ed7ac0e9ca90793ac7f275388648a58f61c4c0c78c2f073a543b1164c8900f2875d364a5fa5620f71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c82b8eb6fe2ce1d404001a1073f4d26
SHA1 84b079ab03fe68fde241430d2c1552cce86b5240
SHA256 b3110fa49862351b58b6c7aa0668ec84c414fa0ecf49a9b6d88b4cf6f43b506b
SHA512 86f43bb8d6f24792fe520a69607a1e57e1ee362887f452d9b000637b161f276403f90a6ea2884d3388e462c780cb74ac3b32c3164640e5baefcc42b197a4e77b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0d48fdfb1783dae72616290d4a2bc536
SHA1 b65370376886cf4219f0bff47a012bd522d817ea
SHA256 63df4f3381fa668ea613c39e6994c6c313f581e5c3429e6a4b436b765c7e8748
SHA512 b2d0384b71f5e6fe89b63e82608bfbbc52c53583c00387c79530297c485b6c459de54f29c6dffadec741190c4ba467f341826f9ce3006684d2653a67c5b19df9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29bf0766262e00432a203089c730c21d
SHA1 48fa01159ee8d6edc2af86b18d750161794f96fa
SHA256 424e34f016fd842b0ad16b6da29c9d8b33c12d254b1cff7de422614d25e2b137
SHA512 45bb38d80e5b1323f6796fdaf93390441b6504889be03684d100afe92f351fdc47f511e2fcdace6345b9851f569b021d2961d026ef5202eeb873ece0de700fd2

C:\Users\Admin\Downloads\KFlauncher\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1e9d8f133a442da6b0c74d49bc84a341
SHA1 259edc45b4569427e8319895a444f4295d54348f
SHA256 1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA512 63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

memory/1988-912-0x0000000000F90000-0x0000000001436000-memory.dmp

memory/1988-913-0x0000000005EF0000-0x0000000005F8C000-memory.dmp

memory/1988-914-0x00000000071C0000-0x000000000751A000-memory.dmp

memory/1988-915-0x0000000007520000-0x00000000076B2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

MD5 544cd51a596619b78e9b54b70088307d
SHA1 4769ddd2dbc1dc44b758964ed0bd231b85880b65
SHA256 dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd
SHA512 f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719

memory/1988-921-0x0000000005D90000-0x0000000005DA0000-memory.dmp

memory/7204-922-0x0000000000400000-0x0000000000455000-memory.dmp

memory/7204-924-0x0000000000400000-0x0000000000455000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\KFlauncher.exe.log

MD5 8334a471a4b492ece225b471b8ad2fc8
SHA1 1cb24640f32d23e8f7800bd0511b7b9c3011d992
SHA256 5612afe347d8549cc95a0c710602bcc7d7b224361b613c0a6ba362092300c169
SHA512 56ae2e83355c331b00d782797f5664c2f373eac240e811aab978732503ae05eb20b08730d2427ed90efa5a706d71b42b57153596a45a6b5592e3dd9128b81c36