784b79f853fff5a87d72b98765f952334403d18a9c2322fdb4ab1eb5665f50cf

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Size

4.0MB
MD5

d408e8a8056bdcf9e1d569cd211f6efc
SHA1

99fd4ff079ed73573848492504cb5712f2067040
SHA256

587e14af969e26467c73d7b4e74bb02e39e4750127a56601cdbf9060d3728b9a
SHA512

d6100d61f788e2d94560c6ca7931d4bf919c20ed6de1ea4140cbfe1d444004fa64f71cbcd502b44398d157f0120f578ce653834ea04555d4c549cb07f68bcd21
SSDEEP

98304:+vEFsNsvGS7+3PCbPROeIZ0Ap0mYZBsv8NGfhIB7oWlmfWQ6RTbG5/AEcoUfS:O4sWvGBPCbPUTavNGfhIZbm+m5jct

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exeFarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

pid process

3400 FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884 FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Loads dropped DLL 2 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

pid process

4884 FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884 FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

pid	process
3400	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Drops file in System32 directory 44 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\combase.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\ws2_32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\bcryptPrimitives.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\windows.storage.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\MSCTF.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\Wldp.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\advapi32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\hhctrl.ocx	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\wsock32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\kernel.appcore.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\shfolder.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\SHLWAPI.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\imagehlp.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\ole32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\KERNEL32.DLL	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\KERNELBASE.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\GDI32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\USER32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\gdi32full.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\profapi.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\psapi.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\TextShaping.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\sechost.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\comdlg32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\win32u.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\uxtheme.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\explorerframe.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\apphelp.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\oleaut32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\version.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\winmm.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\ntdll.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\SHELL32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\GLU32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\clbcatq.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\PROPSYS.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\ucrtbase.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\shcore.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\msimg32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\RPCRT4.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\msvcp_win.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\imm32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
File opened for modification	C:\Windows\SysWOW64\opengl32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Drops file in Windows directory 1 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

description	ioc	process
File opened for modification	C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
2216	msedge.exe
2216	msedge.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
2276	msedge.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
2276	msedge.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
1272	identity_helper.exe
1272	identity_helper.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2276 msedge.exe
2276 msedge.exe
2276 msedge.exe
2276 msedge.exe
2276 msedge.exe
2276 msedge.exe
2276 msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

description	pid	process
Token: SeDebugPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeLoadDriverPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeCreateGlobalPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: 33	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeSecurityPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeTakeOwnershipPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeManageVolumePrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeBackupPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeCreatePagefilePrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeShutdownPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeRestorePrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: 33	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
Token: SeIncBasePriorityPrivilege	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exemsedge.exe

pid	process
4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exeFarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exeFarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.execmd.exemsedge.exe

description	pid	process	target process
PID 3592 wrote to memory of 3400	3592	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
PID 3592 wrote to memory of 3400	3592	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
PID 3592 wrote to memory of 3400	3592	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
PID 3400 wrote to memory of 4884	3400	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
PID 3400 wrote to memory of 4884	3400	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
PID 3400 wrote to memory of 4884	3400	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
PID 4884 wrote to memory of 3608	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	cmd.exe
PID 4884 wrote to memory of 3608	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	cmd.exe
PID 4884 wrote to memory of 3608	4884	FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe	cmd.exe
PID 3608 wrote to memory of 2276	3608	cmd.exe	msedge.exe
PID 3608 wrote to memory of 2276	3608	cmd.exe	msedge.exe
PID 2276 wrote to memory of 4772	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 4772	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1352	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 2216	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 2216	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 1584	2276	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
"C:\Users\Admin\AppData\Local\Temp\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
  "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe
    "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4884
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c start http://mrantifun.net
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mrantifun.net/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2276
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8863646f8,0x7ff886364708,0x7ff886364718
        6⤵
        
        PID:4772
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        6⤵
        
        PID:1352
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2216
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
        6⤵
        
        PID:1584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        6⤵
        
        PID:5012
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        6⤵
        
        PID:3872
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
        6⤵
        
        PID:1044
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
        6⤵
        
        PID:1548
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1272
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
        6⤵
        
        PID:3672
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
        6⤵
        
        PID:5068
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
        6⤵
        
        PID:5224
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
        6⤵
        
        PID:5232
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10239755447635234398,3878103502866045829,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
        6⤵
        
        PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3495af2ff56d95eff63723549fdfdf54

SHA1
f0710edec5f7a387552ed3df71ddf5727f5c6939

SHA256
b1f65524ed8b5d9e248af5d99336da54e8299f9bbfe75792a65599901fab56a9

SHA512
ea43a7743bc344658089141344647e79cfb5f62114e0bb7d79a7169feee9e8c3a9de40e048fdd7fa1cde46282753215645ca7b28e52cf2d1e95f5269f76bbe9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
668B

MD5
74c1defb62b28694d70d0599308d3e88

SHA1
1a1a372ab1b78ecb84d7c100f5690fb21763390a

SHA256
132fae606695c27b67205243168d2c955ef42d961f038eecd47a2ee49d5b97c5

SHA512
4321e3213fc48a027719e743a0eb23d8992307b234cfd9ed130518895ab3563b409c64a08e80fa1c4570184adfb923aeaf8a5b15c67fa0a0499f258d946d2c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e03a86f7cd9deec0d046008ed380e96

SHA1
9fd37b5f53720254f541bb7fc0a2c9e3580426af

SHA256
28aca9ecced6c1612c1880ac1f603e1b2a56d90ba08bb5da5aa2e8dbd49868b6

SHA512
37fdbe28ca795fb93664e41f4a102b0a9cf428814791b977149fb5c2341f884a51762f04e6412d5c9b6a86a2221c170c6e680df87962809598990e0c99c5292a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6fdb18888729fc925d5483421b5e797

SHA1
047e239a126b7fa6d9a828d5273d37dd68644fc0

SHA256
f669a14fe6549d5548aca5f7f9bd810262eb341d6752cb8aee82933b8af0f117

SHA512
475ef4a387b7755485dc62d89e2fcd63141788c1a243c7082bd9810be204e8e41e802200716e8bf83c772daf51544906a061a9590d59dcfea51e0c89506b46b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\fee831bf-5a83-43a3-902c-fa3ce02bfe52\index-dir\the-real-index

Filesize
72B

MD5
d52c96642eb9052977fc2eeceb9ab930

SHA1
1e3e6a2ebe68f3c6df74f2f19da9afb798bc9d7f

SHA256
344fcc0e375de5105be658c30245daa9c2cbd7468bef4fd35a99c4e1688eb11f

SHA512
8e1df20f8299318a11e13d3d24b7ece6c237b9fa2f7cbe297191152f5172e0e5ed418d89dd4c6b2d93d985ef79244ce762621f3d0dda02241dc08bc0942c9ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\fee831bf-5a83-43a3-902c-fa3ce02bfe52\index-dir\the-real-index~RFe578f6f.TMP

Filesize
48B

MD5
136484a3a729d68c3a02960fd3b7fa2b

SHA1
5b0d31bb47bf47ad3360ca50c75e77693291a58a

SHA256
7383ec86c1bd42288acebbecaa2195a3c45a0645fd1d5f74e8157904c61d4119

SHA512
209407312a06bb287e2d23bdff63acdc939489272d3c1f49f76f8c5c466b30d0d0cf29388744c669b4324d0984e3ae6e28abd91d6e1a66c1591f786aa2d7ccf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\index.txt

Filesize
89B

MD5
6c85bb393f60884d27c4767af61baad0

SHA1
96dc936eaf3028c36fa68e32cb4c413af5e9ce20

SHA256
7ed914efc294613de8c31184ee7aec5ab4640b0c2c01175a4fca7f0d43a54b56

SHA512
85a0fe8b86b95174c3be71fc6266fb22917e409dc73207e3a7eb962b6ad0ceb171c204db9d1579245c8c9899ad02654f3c19677267ac4b244f3d7e807b4f7192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\index.txt

Filesize
83B

MD5
72453519ff510511eb5351fb58dbca73

SHA1
99764d334f6fa7f1492d9320287fc182e0b46fee

SHA256
1aff5746ce4d3099c5eb08b2381834d0b634e0b164fc11d2f85ffda81a677d5b

SHA512
4598505ed849b5e65854feec5ab1651d8bb646ed4aca63f0159e512df96cc1113239d1ff12257e2e33ae3a4d2f83a0fcd3080f49c2d3267689461f78cb9717d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
059e815062731e10054c78e0646a4ed2

SHA1
67329509fdecdae3758a84164a7d4e26d85338f8

SHA256
70507d805db0d2deda471a5be929838b6d63151c7dcbd92ce466c1f8d4438fe5

SHA512
80b7a6f96e8aac02c8401aae1413d09469ee9438d46367cc24c1bb28925fc818a5a7b217152547135003c5888fd23b2debec09932ba20470b67685a2f8e2a31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578e26.TMP

Filesize
48B

MD5
05d9d707d873dcbe66b7afb350c570aa

SHA1
d37e732f563f10805f86ea85c2be27fec1e8e48c

SHA256
db5c5f01bee26d8100699ad0617ddb41a3c152bd2b15c2a055e2f63155db37cb

SHA512
259409f37581d74e9f367a92a99a4036e03e3b5807a28d8fe7e38c95bd443673ed9e4c080eb139308ac0c1dc8169472b0bf3186b710a174c99d4402afa9250e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b278b528b15a45a72565e2020cebaf8

SHA1
b141a40b013869c04a39b810f74cd22842d4c322

SHA256
7ba5ebf5a5d447750542dc1407dcbe71991d7fdeb4b7f0f2be6aa5e68ebf4022

SHA512
7b47b9745d4fed82c4d176e1792989ec2e314e8d98f8694510b451c2f0e0bc64d8242b315ac637f1fba548b0e3190253c58553a818f8d6179f242057247f1c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\CET_Archive.dat

Filesize
3.8MB

MD5
18c8cd69b4864a5a1cfbd2a821ec497b

SHA1
6e922bda9a311c9abef40af9623da948ad490572

SHA256
e0c0e073a7db8150b29046e414d6424ddbe834d130bcf56ff6a82e4f4b86e81f

SHA512
b0dfb1b2114baf6eb079c7075b28086f4397557f4d7bf1b71e869b00a9e0f27c8ae0d0be8d05c17eed8bbe6681fee3f7574def618290844d9f4f79f77bbc745a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Filesize
196KB

MD5
808de473370ef6b5d98ab752f245a3ca

SHA1
800bd4ad10c17471829693fac3cee4502b14f029

SHA256
65cbed2e8db313b8966638e40eb27f94156c294eb060b28a02c130d146518c39

SHA512
fafaff03ad502523b3627e59e1026b8af4217a80215782a90667bc4f4c330871d8c3d890f2601b68ec9a42c0171d12b9e5b87067c95dcad1132b0a8979c56a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\CET_TRAINER.CETRAINER

Filesize
221KB

MD5
bdfae0c7601c5fe3b1fefbb2c485c02d

SHA1
ee532f617c1d29cc2dc0ce26f6e1f7077d54b61c

SHA256
5b2508a471842b8e88dcaf0844889565075b3eaad7b8646eb07a3b8eec43011c

SHA512
9e4877dd3bff34c894f0843f1f491c295c2710617b0557ddaf8d6863d512c3af6fbf43035d3658dc248b82295ce2c59d2d365937004e5837a4e144aa7006609d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\FarCry 3 V1.05 DX11 Trainer +10 MrAntiFun.exe

Filesize
7.4MB

MD5
7be0f90c526a7dcbe40c2b6d5db884cc

SHA1
afaf6106f912f9ca8703fe8be2114c1d47121fdb

SHA256
c53cd508cdf0c218876e6ff23ffa496d51bd7a231e5a64f86ca3af46b0402fbb

SHA512
698011935a3e5a83dd69689c48b0414e85625d4b1e502517854d435e3af81e84aca1112232a0943c123e7a81d0d141781ce30612f64ec90ffc7d93c75d6f93e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\defines.lua

Filesize
5KB

MD5
d8f9b4a10a48ebd8936255f6215c8a43

SHA1
7d8ff0012fa9d9dcf189c6df963f1c627f2ccb76

SHA256
d4347332b232622283e7dd3781f64966bd1097d06cca7052b467cf99e62898f2

SHA512
67db5dc65fef66fe3a1920c5f406091d17eeae27266039af392a166d63686b8fc61b94684f2b97762995aefa42d2d15148213ecef64cc0df04de19320abba97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\lua5.1-32.dll

Filesize
329KB

MD5
2730ff589ae86ef10d94952769f9404f

SHA1
8010834297a6aa488e6bf90eceaaf9e60bb60c6e

SHA256
faf0850051ba175347e40481da9e2cc3a122a09d428925042932be555db06e6b

SHA512
5fb35eb364603568b67ce0d19371016a382bc62500de807a12492ceacd5d2b765e0908e2e7e9798446b6c005c0e48c0da74c1a0f9d55c49a8ef4eb3c3d1307e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3047.tmp\extracted\win32\dbghelp.dll

Filesize
1.2MB

MD5
9139604740814e53298a5e8428ba29d7

SHA1
c7bf8947e9276a311c4807ea4a57b504f95703c9

SHA256
150782fca5e188762a41603e2d5c7aad6b6419926bcadf350ebf84328e50948f

SHA512
0b99259e9c0ee566d55cc53c4a7eabf025ed95973edc80ded594023a33f8273cd5d3f3053993f771f9db8a9d234e988cba73845c19ddc6e629e15a243c54cd5d

Download Submit
\??\pipe\LOCAL\crashpad_2276_NGYTMXSLHFFBSFTL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4884-161-0x00000000084D0000-0x00000000084D1000-memory.dmp

Filesize
4KB

Download
memory/4884-20-0x00000000084D0000-0x00000000084D1000-memory.dmp

Filesize
4KB

Download