Analysis
-
max time kernel
149s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-05-2022 04:27
Static task
static1
Behavioral task
behavioral1
Sample
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe
Resource
win10v2004-20220414-en
General
-
Target
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe
-
Size
4.5MB
-
MD5
6b9ca8364ec6156c290efee44fcdc00b
-
SHA1
e6423b1275e1e7d05235349acde61d0792497e3d
-
SHA256
35eac12914408c58b4985e3db398c6942546a3495bff5e20230736fee684e1a0
-
SHA512
db9e17b3c6a422a215bec89ce2ce0e3d8e4dae2417837cd232a7f48ef98ae0f68690fd0c398e56cbaa01dfaf2e994ce8b5eabcfa0f05b53878295ae78fb2e189
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeDead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exepid process 1632 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Loads dropped DLL 3 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeDead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeDead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exepid process 1808 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1632 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Drops file in System32 directory 53 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exedescription ioc process File opened for modification C:\Windows\system32\msvcrt.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\wininet.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\shfolder.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\ole32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\imagehlp.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\CLBCatQ.DLL Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\propsys.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\RPCRT4.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\CFGMGR32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\MSCTF.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\opengl32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\GDI32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\DDRAW.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\SHLWAPI.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\DEVOBJ.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\NSI.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\winmm.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\kernel32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\oleaut32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\uxtheme.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\msimg32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\explorerframe.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\shell32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\normaliz.DLL Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\DUser.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\SYSTEM32\ntdll.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\hhctrl.ocx Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\imm32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\SETUPAPI.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\USP10.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\version.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\KERNELBASE.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\iertutil.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\comdlg32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\ws2_32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\advapi32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\psapi.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\DUI70.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\profapi.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\dwmapi.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\Dbghelp.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\SYSTEM32\sechost.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\LPK.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\DCIMAN32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\CRYPTBASE.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\USER32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\wsock32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe File opened for modification C:\Windows\system32\GLU32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Drops file in Windows directory 1 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exedescription ioc process File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exepid process 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Suspicious use of AdjustPrivilegeToken 16 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exedescription pid process Token: SeDebugPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeTcbPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeTcbPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeLoadDriverPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeCreateGlobalPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeLockMemoryPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: 33 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeSecurityPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeTakeOwnershipPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeManageVolumePrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeBackupPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeCreatePagefilePrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeShutdownPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeRestorePrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: 33 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Token: SeIncBasePriorityPrivilege 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exepid process 1948 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe -
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeDead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exedescription pid process target process PID 1808 wrote to memory of 1632 1808 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1808 wrote to memory of 1632 1808 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1808 wrote to memory of 1632 1808 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1808 wrote to memory of 1632 1808 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1632 wrote to memory of 1948 1632 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1632 wrote to memory of 1948 1632 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1632 wrote to memory of 1948 1632 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe PID 1632 wrote to memory of 1948 1632 Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe"C:\Users\Admin\AppData\Local\Temp\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe"C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe"C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\CET_Archive.datFilesize
4.1MB
MD5142554e17d391eea418a6bdc30dde100
SHA16b0e905a9be00d4d21f448d36c64e6f44df895f9
SHA256438a2af264a67044d746fa3816af78474bf99e6a7e8577951524c6ef6f1447b3
SHA512c2b7cfe36e886ac7cdd80ac671bab286ec2c2ac328ab870129b44d19dd990213325c8cb0d569bcf215f313d68a503fffbc6007cad467d1522c4b71ddd5f77163
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeFilesize
193KB
MD56852660b8cbb67ee3f1e31bf2f1e0afd
SHA1c1b790e062f3a13d3e2f90c58e92ded585abbe3b
SHA256cd86234cf14dfc0e66ae9e575326fd0cf74723a5a60337f7079c0540b6da5c8b
SHA5125722ebf6bef799721464094c6d6a81931bf8f78bdd1fbe12b153cf7b0e4e9e7307fa7a01e0cc16ce885c20c3a0a3cc95d6a7d86413f0c61cca3450fa565dd6a8
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\CET_TRAINER.CETRAINERFilesize
538KB
MD5ce32dae729492ab457da98b554d1a667
SHA1f9ae4453c57f15cf1a4180b8e26c3158de50583a
SHA25664000a034968bdf5b9432a53a339ee4b8113a510c943e8a1e9bedaf5b6f69fe1
SHA51285911f1378d32e7eb7bba9fe5913664c8ddef34cef66b1496b60f5f4001f1a7a6d8a1ea22a28195195310b04b04d569b77a3e58493e39ca0cc51d11c7e5c187a
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeFilesize
10.4MB
MD545996e41a50873d5dd6d37901ca3d4c5
SHA1c851ee71e40ba498d76fb4a94ea514c7889a00ff
SHA256a2558b4f3bb16ecc13fe69a697b24d72ee2e893f8b692c09e9b38720ddef7301
SHA512f2fd316593fb08ae22ea1b2c5ca4a8ad58034bb41e613363c8c2cb318a551f858ec9502c45f7f30398bef5e9fcdf48a3b90982dce5c22c0f71cf80b7ccc36ad5
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeFilesize
10.4MB
MD545996e41a50873d5dd6d37901ca3d4c5
SHA1c851ee71e40ba498d76fb4a94ea514c7889a00ff
SHA256a2558b4f3bb16ecc13fe69a697b24d72ee2e893f8b692c09e9b38720ddef7301
SHA512f2fd316593fb08ae22ea1b2c5ca4a8ad58034bb41e613363c8c2cb318a551f858ec9502c45f7f30398bef5e9fcdf48a3b90982dce5c22c0f71cf80b7ccc36ad5
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\defines.luaFilesize
5KB
MD51dc41a0a351e745085fcc98a3933d91f
SHA1bf1e7d333e6d7b3d4bfe5cdcada19af1931dbe15
SHA256a2e02dd32f0245ff31190288b368b3efbbe7c48a95dd22c321231c2f46597d9b
SHA51276f171411d028e72613859332f381f8f26e85d1844c143a8888e4937ca72d7b38ffe66ce617eee5e8155ba034dcc559a9417b5def056bb74227b9bae392d1440
-
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\lua53-64.dllFilesize
500KB
MD5476cbd8e116ef838a0b161100ff744be
SHA172a6b00754ff4a1a6f2bbb75fbce9d2fdd475e81
SHA256c33f2e8ba61e5517b2598d7920b672326ff117ed5a5bdcddc125c6a5a328886e
SHA512b12dee6fdc493bdc7e65d446433d942802c79564f6a1f56a1c1a7e2e3f76d270af9e3d162d368fa82d314a37d98fef1569bf90f275b0e059ca0eca49c56086d8
-
\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeFilesize
193KB
MD56852660b8cbb67ee3f1e31bf2f1e0afd
SHA1c1b790e062f3a13d3e2f90c58e92ded585abbe3b
SHA256cd86234cf14dfc0e66ae9e575326fd0cf74723a5a60337f7079c0540b6da5c8b
SHA5125722ebf6bef799721464094c6d6a81931bf8f78bdd1fbe12b153cf7b0e4e9e7307fa7a01e0cc16ce885c20c3a0a3cc95d6a7d86413f0c61cca3450fa565dd6a8
-
\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\Dead Rising 4 V3.0.1.2 Trainer +10 MrAntiFun.exeFilesize
10.4MB
MD545996e41a50873d5dd6d37901ca3d4c5
SHA1c851ee71e40ba498d76fb4a94ea514c7889a00ff
SHA256a2558b4f3bb16ecc13fe69a697b24d72ee2e893f8b692c09e9b38720ddef7301
SHA512f2fd316593fb08ae22ea1b2c5ca4a8ad58034bb41e613363c8c2cb318a551f858ec9502c45f7f30398bef5e9fcdf48a3b90982dce5c22c0f71cf80b7ccc36ad5
-
\Users\Admin\AppData\Local\Temp\cetrainers\CET407.tmp\extracted\lua53-64.dllFilesize
500KB
MD5476cbd8e116ef838a0b161100ff744be
SHA172a6b00754ff4a1a6f2bbb75fbce9d2fdd475e81
SHA256c33f2e8ba61e5517b2598d7920b672326ff117ed5a5bdcddc125c6a5a328886e
SHA512b12dee6fdc493bdc7e65d446433d942802c79564f6a1f56a1c1a7e2e3f76d270af9e3d162d368fa82d314a37d98fef1569bf90f275b0e059ca0eca49c56086d8
-
memory/1632-55-0x0000000000000000-mapping.dmp
-
memory/1948-61-0x000007FEFB671000-0x000007FEFB673000-memory.dmpFilesize
8KB
-
memory/1948-59-0x0000000000000000-mapping.dmp