Analysis Overview
Threat Level: Likely malicious
The file https://cdn-149.anonfiles.com/1cGdF404z5/29fac58e-1688694036/CheatoSpoofer+%281%29.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Obfuscated with Agile.Net obfuscator
Modifies registry class
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-07-07 01:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-07 01:32
Reported
2023-07-07 01:34
Platform
win10v2004-20230703-en
Max time kernel
31s
Max time network
121s
Command Line
Signatures
Downloads MZ/PE file
Obfuscated with Agile.Net obfuscator
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\CheatoSpoofer (1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://cdn-149.anonfiles.com/1cGdF404z5/29fac58e-1688694036/CheatoSpoofer+%281%29.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.0.1153886493\262154526" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {217cdb80-25f9-4c37-96fc-355ba446a8e4} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 1900 2aa7e1f4558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.1.2023154776\617311605" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a41f6a0a-e23e-467b-9bbf-63e2cc97e0a1} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 2324 2aa7dfef858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.2.651907342\1235248079" -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8890e3a8-39fd-4d41-9136-9e99d70d4ffe} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 3208 2aa0515b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.3.1305506267\1852570394" -childID 2 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a85d04ab-d598-41ab-8927-0b1ef7319a9c} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 3744 2aa74062b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.5.645304820\1776970994" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 5084 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fbe81d9-5dfc-4a6e-9977-854082062f38} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 5112 2aa07cfa458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.6.1714641526\1000667650" -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90e350b9-87af-4a1e-950b-8c948a8015f1} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 5392 2aa07cfc858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2148.4.139759688\1050545560" -childID 3 -isForBrowser -prefsHandle 4988 -prefMapHandle 4944 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {220cfade-72b4-4320-804f-53ccc1781a30} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" 4984 2aa06fce658 tab
C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
"C:\Users\Admin\Downloads\CheatoSpoofer (1).exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 31b7c3fb6361d88e435e376adda1817a |
| SHA1 | 556ce5c0743c217b419b07991fb548b4e954fda6 |
| SHA256 | 08643c35769145def3d9103fb2353006a219eaa38b5645e486afd75ba276add2 |
| SHA512 | 41b707819a4c70bdab8ccd44923307db6c009dc050f45334171af119ed69d757cb0df0290dec78bb116e9e7827ae111b25d3a43429a19f7975ce163377b51fe5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5873cb1a1ce86b2417b6bc3fa82f9ee7 |
| SHA1 | 7a65a2c8e866deba6434685b330e9c569d7eea62 |
| SHA256 | 560cad195cffbb88fb19fdc7f40568eb6e7399400247c7822b6b939eec0332b5 |
| SHA512 | a287bbae6167daab2698a0d0791eca92e8b289ec6ef95f7c2d6dae7565a179db8b8ad4fd0f1ad29eebc79910e8658aeea1e1bc1ba0b8339a2c24c567a6c83ca9 |
C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
| MD5 | 7a8f3ff6b456e153499088a103d51145 |
| SHA1 | 30f1fc37c25cd368594c0b8c9e416b3c5ed31d6f |
| SHA256 | 93d8134fa11201cecedac89d6c6af96afa83783aebf347ea3f6aefc925df8ceb |
| SHA512 | e295568d314d88355ca1d681602ea00ac3419d3f583e6773eae74d6fd1eaa16789b01af8e35d4af9941ff57055d688d153bf9b2c14ffb8961c5359f2a11e31f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js
| MD5 | 55569f0b3622a2080c20c49aca1c4b50 |
| SHA1 | f7e5d8361a4903bde0cb98299a8e83eee1d6c2a1 |
| SHA256 | e62fbab5e0ff02b0e881bfd57edfa76ec58fab8593dcec81b78a66e633adeeab |
| SHA512 | ba49428ffbc582092296bbff9ac426e1460bd5a1d1f3472c99c470faecf6c1acd6299383759c0df5b5d9bc49ab9afe057884370049f0b1efb5beb29cd277a7a6 |
C:\Users\Admin\AppData\Local\Temp\Costura\5B2255609A942D3203015BC01089042A\64\user64.dll
| MD5 | c204468635ab30602dea443c445e1821 |
| SHA1 | c1fa917a4604f956ef15bb53655d368c6b19d042 |
| SHA256 | 7bdc755921404ec6bca532790460523873c3169091020f117ad3ee79d395b6f7 |
| SHA512 | d1558e916f31f19ab5a86f3b07aab951cb0fa2df14d5ec4f8f704b146a6e2b117c108bc68afce17859a2c81048cabb1b0510b0c43b45839dc4d82d3aea61dc5b |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qr3zx4hz.5eu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
| MD5 | 0692448466594d10f84490009e73a706 |
| SHA1 | 6bfe4505000415101d0b18493e838a5d49c71c12 |
| SHA256 | a798a83c8ae0be8ab97bf0d8b2506e601e097e0000da7d0c5ef2a37fbeeb3f59 |
| SHA512 | 71b30e432db9a3ce23c9dc271612f3a4c7ea979da2ea33590eb14e5ce4c3aa33d12950b53ea0f3a4bbe4e88b7001ca2c89fb4834f7b77899e37c2dddec2a92e6 |
C:\Users\Admin\Downloads\CheatoSpoofer (1).exe
| MD5 | 5bc93051f48078c9907df4b93acaf02b |
| SHA1 | e27737a3f96c400d7f36eeb6fa4a6a4db5d7d1ca |
| SHA256 | 300d54dd518702822828f3b026c24cf02d5c40ba7901288737f38a4b1f434701 |
| SHA512 | 7950900af78ba782ad7319e8c9e1129c9d7009b051386bdbdd52e7d506cf15a8d886102383321376ea2d9100ccad7f52040e163e292a1577a4bb7915ca48feea |
C:\Users\Admin\AppData\Local\Sentry\9588CF3ABD7EF58A0A76612B90AB4AC3D3B45E66\.installation
| MD5 | 29845d59cd3662e6c326388537faa1b6 |
| SHA1 | 8de70e64a6d92e675ac02fc2b1821bd8b0bee293 |
| SHA256 | f9fdd4b9d2cd039da33f86197714c8367fb7c3ed8c4703bd54d9249d45cf0cfb |
| SHA512 | a9ba7076a906f8d4a9d90b6ba0c45e58f63f4834dbccc023a0b31a46a99c5551a857e8c1fd95dcf0c3c2c6147cd596083f782eb71b5abc49c645546e8bb98d33 |