6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3

Analysis

max time kernel
149s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23/09/2023, 05:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CheatEngine74.exe
Size

3.2MB
MD5

32e0a8e898a4aef3abe2c5c26d2570fb
SHA1

0c56076f2d4d905a08dc2e8c85a6fd4d184a0846
SHA256

6d0e14d66da69c163f824f8fa7d87de3eea41cdbd48c0973de296cf6d2d0fed3
SHA512

1cec6e1dd8eaea6bfc00c48403d3263db6a54d4012b87666da5ac2f83748ef9102ed97c026e185d3c8cc0342c8feafd0a27442dfc19d6d37b69a9d91168ab97d
SSDEEP

98304:kSiH4opH4opH4opuE9vBuRes1EdKKBEXJhJj:EDBDBDlaezKKB2R

Score

8^/10

discovery evasion

Malware Config

Signatures

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 8 IoCs

pid	Process
2160	CheatEngine74.tmp
1588	CheatEngine74.exe
524	CheatEngine74.tmp
2020	_setup64.tmp
1548	Kernelmoduleunloader.exe
752	windowsrepair.exe
1664	Cheat Engine.exe
1732	cheatengine-x86_64.exe

Loads dropped DLL 34 IoCs

pid	Process
1116	CheatEngine74.exe
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
1588	CheatEngine74.exe
524	CheatEngine74.tmp
2944	taskmgr.exe
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
1664	Cheat Engine.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1232	Process not Found
1232	Process not Found
1232	Process not Found
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
968	icacls.exe
268	icacls.exe

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	CheatEngine74.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	CheatEngine74.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\SOFTWARE\AVAST Software\Avast	CheatEngine74.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir	CheatEngine74.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	CheatEngine74.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\SOFTWARE\AVG\AV\Dir	CheatEngine74.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\CFGMGR32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\authui.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\ntmarta.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\FXSRESM.DLL	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\mf.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\advapi32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\DEVRTL.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\svchost.exe	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\urlmon.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\dhcpcsvc.DLL	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\USP10.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\msi.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\NSI.dll	cheatengine-x86_64.exe
File opened for modification	\??\c:\windows\system32\uxsms.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\CRYPT32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\msls31.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\AltTab.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\AVRT.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\CRYPTBASE.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\slc.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\wkscli.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\msutb.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\wpdshserviceobj.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\bthprops.cpl	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\ksuser.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\SyncCenter.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\MPRAPI.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\ntshrui.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\cscui.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\DEVOBJ.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\hhctrl.ocx	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll	cheatengine-x86_64.exe
File opened for modification	\??\c:\windows\system32\POWRPROF.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\IMM32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\provsvc.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\GDI32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\netcfgx.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\prnfldr.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\PortableDeviceTypes.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\GLU32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\rasman.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\hgcpl.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\MFPlat.DLL	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\SXS.DLL	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\opengl32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\wbem\wbemsvc.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\WindowsCodecs.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\pnidui.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\wevtapi.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\USERENV.dll	cheatengine-x86_64.exe
File opened for modification	\??\c:\windows\system32\netman.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\UIAnimation.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\wsock32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\explorerframe.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\profapi.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\gameux.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\XmlLite.dll	cheatengine-x86_64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Cheat Engine 7.4\include\winapi\is-U0FKJ.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\winapi\is-KC6GS.tmp	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\lua53-32.dll	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\win32\is-0KIVI.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-A549O.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\languages\is-N1DB1.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\dlls\src\Mono\MonoDataCollector\is-TR8NQ.tmp	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\luaclient-x86_64.dll	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-TB46A.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-BTSKQ.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-V4TML.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-S3AMS.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\ceshare\is-VKR0G.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-04T3S.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-P6B4V.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-NTSSD.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-RVHLE.tmp	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\tcc64-64-linux.dll	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\winhook-i386.dll	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\winapi\is-5NMVK.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-I07PI.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-EBRVG.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-0CG08.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\sys\is-F536P.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\ceshare\forms\is-UAQH7.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\win64\is-JGLN0.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-8OOBO.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-R1T55.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\ceshare\forms\is-1RI8R.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-BI10L.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\plugins\example-c\is-QODAJ.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\sec_api\is-BDF1P.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\languages\is-NHTO7.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\ceshare\is-7LB05.tmp	CheatEngine74.tmp
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	cheatengine-x86_64.exe
File opened for modification	C:\Program Files\Cheat Engine 7.4\allochook-x86_64.dll	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-HLNDO.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-D417S.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\is-DJMC3.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\is-CEPIT.tmp	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\Tutorial-x86_64.exe	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\sys\is-R7S2A.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\languages\is-Q3JQV.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\plugins\example-c\is-KKO4V.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-B1MFT.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\forms\is-O42MB.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\plugins\is-QQ53M.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-KOQSC.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-O7GID.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\ceshare\forms\is-0TQ1O.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\dlls\64\is-C0FFR.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-DJDCF.tmp	CheatEngine74.tmp
File opened for modification	C:\Program Files\Cheat Engine 7.4\libipt-32.dll	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-41OOP.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-MK6V0.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\plugins\is-J9FD4.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-7I3VV.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-BME6V.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\plugins\c# template\CEPluginLibrary\is-KDC84.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-AL0PU.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-GQD4T.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\include\is-FOBLA.tmp	CheatEngine74.tmp
File created	C:\Program Files\Cheat Engine 7.4\is-8IC9T.tmp	CheatEngine74.tmp

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\Explorer.EXE	cheatengine-x86_64.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\gdiplus.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCP90.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.DLL	cheatengine-x86_64.exe
File opened for modification	C:\Windows\ehome\ehSSO.dll	cheatengine-x86_64.exe

Launches sc.exe 2 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
276	sc.exe
1644	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER	CheatEngine74.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine"	CheatEngine74.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.4\\Cheat Engine.exe,0"	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell	CheatEngine74.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.4\\Cheat Engine.exe\" \"%1\""	CheatEngine74.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine"	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine	CheatEngine74.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine"	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon	CheatEngine74.tmp

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CheatEngine74.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	cheatengine-x86_64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	cheatengine-x86_64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	CheatEngine74.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	CheatEngine74.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CheatEngine74.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	cheatengine-x86_64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	CheatEngine74.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	CheatEngine74.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	CheatEngine74.tmp

Runs net.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	12	Cheat Engine 7.4 : luascript-ceshare

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
524	CheatEngine74.tmp
524	CheatEngine74.tmp
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe
1732	cheatengine-x86_64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1732	cheatengine-x86_64.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeDebugPrivilege	2944	taskmgr.exe
Token: SeDebugPrivilege	1732	cheatengine-x86_64.exe
Token: SeTcbPrivilege	1732	cheatengine-x86_64.exe
Token: SeTcbPrivilege	1732	cheatengine-x86_64.exe
Token: SeLoadDriverPrivilege	1732	cheatengine-x86_64.exe
Token: SeCreateGlobalPrivilege	1732	cheatengine-x86_64.exe
Token: SeLockMemoryPrivilege	1732	cheatengine-x86_64.exe
Token: 33	1732	cheatengine-x86_64.exe
Token: SeSecurityPrivilege	1732	cheatengine-x86_64.exe
Token: SeTakeOwnershipPrivilege	1732	cheatengine-x86_64.exe
Token: SeManageVolumePrivilege	1732	cheatengine-x86_64.exe
Token: SeBackupPrivilege	1732	cheatengine-x86_64.exe
Token: SeCreatePagefilePrivilege	1732	cheatengine-x86_64.exe
Token: SeShutdownPrivilege	1732	cheatengine-x86_64.exe
Token: SeRestorePrivilege	1732	cheatengine-x86_64.exe
Token: 33	1732	cheatengine-x86_64.exe
Token: SeIncBasePriorityPrivilege	1732	cheatengine-x86_64.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2160	CheatEngine74.tmp
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
524	CheatEngine74.tmp
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe
2944	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2160	CheatEngine74.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 1116 wrote to memory of 2160	1116	CheatEngine74.exe	28
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 2160 wrote to memory of 1588	2160	CheatEngine74.tmp	31
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 1588 wrote to memory of 524	1588	CheatEngine74.exe	32
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	34
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	34
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	34
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	34
PID 268 wrote to memory of 1104	268	net.exe	35
PID 268 wrote to memory of 1104	268	net.exe	35
PID 268 wrote to memory of 1104	268	net.exe	35
PID 524 wrote to memory of 564	524	CheatEngine74.tmp	40
PID 524 wrote to memory of 564	524	CheatEngine74.tmp	40
PID 524 wrote to memory of 564	524	CheatEngine74.tmp	40
PID 524 wrote to memory of 564	524	CheatEngine74.tmp	40
PID 564 wrote to memory of 2832	564	net.exe	39
PID 564 wrote to memory of 2832	564	net.exe	39
PID 564 wrote to memory of 2832	564	net.exe	39
PID 524 wrote to memory of 1644	524	CheatEngine74.tmp	38
PID 524 wrote to memory of 1644	524	CheatEngine74.tmp	38
PID 524 wrote to memory of 1644	524	CheatEngine74.tmp	38
PID 524 wrote to memory of 1644	524	CheatEngine74.tmp	38
PID 524 wrote to memory of 276	524	CheatEngine74.tmp	41
PID 524 wrote to memory of 276	524	CheatEngine74.tmp	41
PID 524 wrote to memory of 276	524	CheatEngine74.tmp	41
PID 524 wrote to memory of 276	524	CheatEngine74.tmp	41
PID 524 wrote to memory of 2020	524	CheatEngine74.tmp	45
PID 524 wrote to memory of 2020	524	CheatEngine74.tmp	45
PID 524 wrote to memory of 2020	524	CheatEngine74.tmp	45
PID 524 wrote to memory of 2020	524	CheatEngine74.tmp	45
PID 524 wrote to memory of 968	524	CheatEngine74.tmp	47
PID 524 wrote to memory of 968	524	CheatEngine74.tmp	47
PID 524 wrote to memory of 968	524	CheatEngine74.tmp	47
PID 524 wrote to memory of 968	524	CheatEngine74.tmp	47
PID 524 wrote to memory of 1548	524	CheatEngine74.tmp	48
PID 524 wrote to memory of 1548	524	CheatEngine74.tmp	48
PID 524 wrote to memory of 1548	524	CheatEngine74.tmp	48
PID 524 wrote to memory of 1548	524	CheatEngine74.tmp	48
PID 524 wrote to memory of 752	524	CheatEngine74.tmp	49
PID 524 wrote to memory of 752	524	CheatEngine74.tmp	49
PID 524 wrote to memory of 752	524	CheatEngine74.tmp	49
PID 524 wrote to memory of 752	524	CheatEngine74.tmp	49
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	52
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	52
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	52
PID 524 wrote to memory of 268	524	CheatEngine74.tmp	52
PID 2160 wrote to memory of 1664	2160	CheatEngine74.tmp	53

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
1⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe
"C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Users\Admin\AppData\Local\Temp\is-LGI7G.tmp\CheatEngine74.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LGI7G.tmp\CheatEngine74.tmp" /SL5="$30156,2408085,845312,C:\Users\Admin\AppData\Local\Temp\CheatEngine74.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe
    "C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe" /VERYSILENT /ZBDIST
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\is-VF4IS.tmp\CheatEngine74.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VF4IS.tmp\CheatEngine74.tmp" /SL5="$201D6,23492458,780800,C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe" /VERYSILENT /ZBDIST
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:524
    - - C:\Windows\system32\net.exe
        
        "net" stop BadlionAntic
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:268
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAntic
        6⤵
        
        PID:1104
    - - C:\Windows\system32\sc.exe
        
        "sc" delete BadlionAntic
        5⤵
        Launches sc.exe
        
        PID:1644
    - - C:\Windows\system32\net.exe
        
        "net" stop BadlionAnticheat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:564
    - - C:\Windows\system32\sc.exe
        
        "sc" delete BadlionAnticheat
        5⤵
        Launches sc.exe
        
        PID:276
    - - C:\Users\Admin\AppData\Local\Temp\is-51B0E.tmp\_isetup\_setup64.tmp
        
        helper 105 0x208
        5⤵
        Executes dropped EXE
        
        PID:2020
    - - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.4" /grant *S-1-15-2-1:(OI)(CI)(RX)
        5⤵
        Modifies file permissions
        
        PID:968
    - - C:\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe
        
        "C:\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe" /SETUP
        5⤵
        Executes dropped EXE
        
        PID:1548
    - - C:\Program Files\Cheat Engine 7.4\windowsrepair.exe
        
        "C:\Program Files\Cheat Engine 7.4\windowsrepair.exe" /s
        5⤵
        Executes dropped EXE
        
        PID:752
    - - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.4" /grant *S-1-15-2-1:(OI)(CI)(RX)
        5⤵
        Modifies file permissions
        
        PID:268
- - C:\Program Files\Cheat Engine 7.4\Cheat Engine.exe
    "C:\Program Files\Cheat Engine 7.4\Cheat Engine.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1664
  - - C:\Program Files\Cheat Engine 7.4\cheatengine-x86_64.exe
      "C:\Program Files\Cheat Engine 7.4\cheatengine-x86_64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Program Files directory
      Drops file in Windows directory
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      PID:1732

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAnticheat
1⤵
PID:2832

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Cheat Engine 7.4\Cheat Engine.exe

Filesize
363KB

MD5
0fa859e1b115bb88ea35bf65077e97af

SHA1
75f2f3e46b059f5f4bfefb62970e6c6a9c91075f

SHA256
37bb7ba2590773884017988b6a0eb3ebb1a24f2add9781805af98699d3d0c50a

SHA512
31956e2c7bd08dd5804b3267f58336881fbdabe8b778c63d4a8d7a144b08465560d755838638ea46cd5378a1e97ca85ba3d56d5dafe0445c27dd97e8d26b4761

Download Submit
C:\Program Files\Cheat Engine 7.4\Cheat Engine.exe

Filesize
363KB

MD5
0fa859e1b115bb88ea35bf65077e97af

SHA1
75f2f3e46b059f5f4bfefb62970e6c6a9c91075f

SHA256
37bb7ba2590773884017988b6a0eb3ebb1a24f2add9781805af98699d3d0c50a

SHA512
31956e2c7bd08dd5804b3267f58336881fbdabe8b778c63d4a8d7a144b08465560d755838638ea46cd5378a1e97ca85ba3d56d5dafe0445c27dd97e8d26b4761

Download Submit
C:\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe

Filesize
222KB

MD5
747e651d3ebb87e7dea87a2e7a9a9221

SHA1
2e35bb45f6e3275b3a4b7cf135cbba6c3ef6df68

SHA256
7f980a29a73510af39b199aebd6caa42e5b28ea781a7eb040d6d33e213267cfc

SHA512
311b3fd46155757fb8d1359e3a92bed40fa5b3868d0ee1e8db299bc565052a5e17e947ce9b9bce8357bb5449486d6ab34f0f9920a62a319fc21e9b7ec4e0f1bf

Download Submit
C:\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe

Filesize
222KB

MD5
747e651d3ebb87e7dea87a2e7a9a9221

SHA1
2e35bb45f6e3275b3a4b7cf135cbba6c3ef6df68

SHA256
7f980a29a73510af39b199aebd6caa42e5b28ea781a7eb040d6d33e213267cfc

SHA512
311b3fd46155757fb8d1359e3a92bed40fa5b3868d0ee1e8db299bc565052a5e17e947ce9b9bce8357bb5449486d6ab34f0f9920a62a319fc21e9b7ec4e0f1bf

Download Submit
C:\Program Files\Cheat Engine 7.4\allochook-i386.dll

Filesize
328KB

MD5
19d52868c3e0b609dbeb68ef81f381a9

SHA1
ce365bd4cf627a3849d7277bafbf2f5f56f496dc

SHA256
b96469b310ba59d1db320a337b3a8104db232a4344a47a8e5ae72f16cc7b1ff4

SHA512
5fbd53d761695de1dd6f0afd0964b33863764c89692345cab013c0b1b6332c24dcf766028f305cc87d864d17229d7a52bf19a299ca136a799053c368f21c8926

Download Submit
C:\Program Files\Cheat Engine 7.4\allochook-x86_64.dll

Filesize
468KB

MD5
daa81711ad1f1b1f8d96dc926d502484

SHA1
7130b241e23bede2b1f812d95fdb4ed5eecadbfd

SHA256
8422be70e0ec59c962b35acf8ad80671bcc8330c9256e6e1ec5c07691388cd66

SHA512
9eaa8e04ad7359a30d5e2f9256f94c1643d4c3f3c0dff24d6cd9e31a6f88cb3b470dd98f01f8b0f57bb947adc3d45c35749ed4877c7cbbbcc181145f0c361065

Download Submit
C:\Program Files\Cheat Engine 7.4\badassets\is-6JD4P.tmp

Filesize
5KB

MD5
5cff22e5655d267b559261c37a423871

SHA1
b60ae22dfd7843dd1522663a3f46b3e505744b0f

SHA256
a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9

SHA512
e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

Download Submit
C:\Program Files\Cheat Engine 7.4\ced3d10hook.dll

Filesize
128KB

MD5
43dac1f3ca6b48263029b348111e3255

SHA1
9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1

SHA256
148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066

SHA512
6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032

Download Submit
C:\Program Files\Cheat Engine 7.4\ced3d10hook64.dll

Filesize
140KB

MD5
0daf9f07847cceb0f0760bf5d770b8c1

SHA1
992cc461f67acea58a866a78b6eefb0cbcc3aaa1

SHA256
a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4

SHA512
b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a

Download Submit
C:\Program Files\Cheat Engine 7.4\ced3d11hook.dll

Filesize
137KB

MD5
42e2bf4210f8126e3d655218bd2af2e4

SHA1
78efcb9138eb0c800451cf2bcc10e92a3adf5b72

SHA256
1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288

SHA512
c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74

Download Submit
C:\Program Files\Cheat Engine 7.4\ced3d11hook64.dll

Filesize
146KB

MD5
0eaac872aadc457c87ee995bbf45a9c1

SHA1
5e9e9b98f40424ad5397fc73c13b882d75499d27

SHA256
6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f

SHA512
164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b

Download Submit
C:\Program Files\Cheat Engine 7.4\ced3d9hook.dll

Filesize
124KB

MD5
5f1a333671bf167730ed5f70c2c18008

SHA1
c8233bbc6178ba646252c6566789b82a3296cab5

SHA256
fd2a2b4fe4504c56347c35f24d566cc0510e81706175395d0a2ba26a013c4daf

SHA512
6986d93e680b3776eb5700143fc35d60ca9dbbdf83498f8731c673f9fd77c8699a24a4849db2a273aa991b8289e4d6c3142bbde77e11f2faf603df43e8fea105

Download Submit
C:\Program Files\Cheat Engine 7.4\ced3d9hook64.dll

Filesize
136KB

MD5
61ba5199c4e601fa6340e46bef0dff2d

SHA1
7c1a51d6d75b001ba1acde2acb0919b939b392c3

SHA256
8783f06f7b123e16042bb0af91ff196b698d3cd2aa930e3ea97cfc553d9fc0f4

SHA512
8ce180a622a5788bb66c5f3a4abfde62c858e86962f29091e9c157753088ddc826c67c51ff26567bfe2b75737897f14e6bb17ec89f52b525f6577097f1647d31

Download Submit
C:\Program Files\Cheat Engine 7.4\cheatengine-x86_64.exe

Filesize
14.7MB

MD5
f65d9c8718301221b5c856aa773bc1f3

SHA1
33f4b4fec1d363644a7d827664a2747aa5324ead

SHA256
394725de3465afbacbe15eed1e20f7ec2797793e49dae0cc781da3d1bb6b858c

SHA512
a5ac9382d3549e45ec0dcb7b36547c7fa0bfaf4d570be743953b273e90a12a2e84167f734774ae7c64693c7cd9c77462d4288d535f032c0b2b2baac5cd6c27bc

Download Submit
C:\Program Files\Cheat Engine 7.4\cheatengine-x86_64.exe

Filesize
14.7MB

MD5
f65d9c8718301221b5c856aa773bc1f3

SHA1
33f4b4fec1d363644a7d827664a2747aa5324ead

SHA256
394725de3465afbacbe15eed1e20f7ec2797793e49dae0cc781da3d1bb6b858c

SHA512
a5ac9382d3549e45ec0dcb7b36547c7fa0bfaf4d570be743953b273e90a12a2e84167f734774ae7c64693c7cd9c77462d4288d535f032c0b2b2baac5cd6c27bc

Download Submit
C:\Program Files\Cheat Engine 7.4\d3dhook.dll

Filesize
119KB

MD5
2a2ebe526ace7eea5d58e416783d9087

SHA1
5dabe0f7586f351addc8afc5585ee9f70c99e6c4

SHA256
e2a7df4c380667431f4443d5e5fc43964b76c8fcb9cf4c7db921c4140b225b42

SHA512
94ed0038068abddd108f880df23422e21f9808ce04a0d14299aacc5d573521f52626c0c2752b314cda976f64de52c4d5bcac0158b37d43afb9bc345f31fdbbc0

Download Submit
C:\Program Files\Cheat Engine 7.4\d3dhook64.dll

Filesize
131KB

MD5
2af7afe35ab4825e58f43434f5ae9a0f

SHA1
b67c51cad09b236ae859a77d0807669283d6342f

SHA256
7d82694094c1bbc586e554fa87a4b1ed6ebc9eb14902fd429824dcd501339722

SHA512
23b7c6db0cb9c918ad9f28fa0e4e683c7e2495e89a136b75b7e1be6380591da61b6fb4f7248191f28fd3d80c4a391744a96434b4ab96b9531b5ebb0ec970b9d0

Download Submit
C:\Program Files\Cheat Engine 7.4\languages\language.ini

Filesize
283B

MD5
af5ed8f4fe5370516403ae39200f5a4f

SHA1
9299e9998a0605182683a58a5a6ab01a9b9bc037

SHA256
4aa4f0b75548d45c81d8e876e2db1c74bddfd64091f102706d729b50a7af53a5

SHA512
f070049a2fae3223861424e7fe79cbae6601c9bee6a56fadde4485ad3c597dc1f3687e720177ab28564a1faab52b6679e9315f74327d02aa1fb31e7b8233a80f

Download Submit
C:\Program Files\Cheat Engine 7.4\libipt-32.dll

Filesize
157KB

MD5
df443813546abcef7f33dd9fc0c6070a

SHA1
635d2d453d48382824e44dd1e59d5c54d735ee2c

SHA256
d14911c838620251f7f64c190b04bb8f4e762318cc763d993c9179376228d8ca

SHA512
9f9bea9112d9db9bcecfc8e4800b7e8032efb240cbbddaf26c133b4ce12d27b47dc4e90bc339c561714bc972f6e809b2ec9c9e1facc6c223fbac66b089a14c25

Download Submit
C:\Program Files\Cheat Engine 7.4\libipt-64.dll

Filesize
182KB

MD5
4a3b7c52ef32d936e3167efc1e920ae6

SHA1
d5d8daa7a272547419132ddb6e666f7559dbac04

SHA256
26ede848dba071eb76c0c0ef8e9d8ad1c53dfab47ca9137abc9d683032f06ebb

SHA512
36d7f8a0a749de049a830cc8c8f0d3962d8dce57b445f5f3c771a86dd11aaa10da5f36f95e55d3dc90900e4dbddd0dcc21052c53aa11f939db691362c42e5312

Download Submit
C:\Program Files\Cheat Engine 7.4\lua53-64.dll

Filesize
528KB

MD5
b7c9f1e7e640f1a034be84af86970d45

SHA1
f795dc3d781b9578a96c92658b9f95806fc9bdde

SHA256
6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff

SHA512
da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3

Download Submit
C:\Program Files\Cheat Engine 7.4\luaclient-i386.dll

Filesize
197KB

MD5
9f50134c8be9af59f371f607a6daa0b6

SHA1
6584b98172cbc4916a7e5ca8d5788493f85f24a7

SHA256
dd07117ed80546f23d37f8023e992de560a1f55a76d1eb6dfd9d55baa5e3dad6

SHA512
5ccafa2b0e2d20034168ee9a79e8efff64f12f5247f6772815ef4cb9ee56f245a06b088247222c5a3789ae2dcefadbc2c15df4ff5196028857f92b9992b094e0

Download Submit
C:\Program Files\Cheat Engine 7.4\luaclient-x86_64.dll

Filesize
260KB

MD5
dd71848b5bbd150e22e84238cf985af0

SHA1
35c7aa128d47710cfdb15bb6809a20dbd0f916d8

SHA256
253d18d0d835f482e6abbaf716855580eb8fe789292c937301e4d60ead29531d

SHA512
0cbf35c9d7b09fb57d8a9079eab726a3891393f12aee8b43e01d1d979509e755b74c0fb677f8f2dfab6b2e34a141f65d0cfbfe57bda0bf7482841ad31ace7790

Download Submit
C:\Program Files\Cheat Engine 7.4\overlay.fx

Filesize
2KB

MD5
650c02fc9f949d14d62e32dd7a894f5e

SHA1
fa5399b01aadd9f1a4a5632f8632711c186ec0de

SHA256
c4d23db8effb359b4aa4d1e1e480486fe3a4586ce8243397a94250627ba4f8cc

SHA512
f2caaf604c271283fc7af3aa9674b9d647c4ac53dffca031dbf1220d3ed2e867943f5409a95f41c61d716879bed7c888735f43a068f1cc1452b4196d611cb76d

Download Submit
C:\Program Files\Cheat Engine 7.4\speedhack-i386.dll

Filesize
200KB

MD5
6e00495955d4efaac2e1602eb47033ee

SHA1
95c2998d35adcf2814ec7c056bfbe0a0eb6a100c

SHA256
5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9

SHA512
2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866

Download Submit
C:\Program Files\Cheat Engine 7.4\speedhack-x86_64.dll

Filesize
256KB

MD5
19b2050b660a4f9fcb71c93853f2e79c

SHA1
5ffa886fa019fcd20008e8820a0939c09a62407a

SHA256
5421b570fbc1165d7794c08279e311672dc4f42cb7ae1cbddcd7eea0b1136fff

SHA512
a93e47387ab0d327b71c3045b3964c7586d0e03dddb2e692f6671fb99659e829591d5f23ce7a95683d82d239ba7d11fb5a123834629a53de5ce5dba6aa714a9a

Download Submit
C:\Program Files\Cheat Engine 7.4\tcc64-32.dll

Filesize
409KB

MD5
bac12645722419165ce07b0a338259f1

SHA1
8ee779f88019a6e62160395b08464a5ed8a9ff08

SHA256
7884d50ccd8dbc179456e59284a9fe3fbc6618b49d2255a2a6c7114eaf38ff05

SHA512
97222a9cfdc3e29e2cb721cdea505f53ae0d8c4b6dda2bff0426262d26e3d258084788a1d6fbc53adec539e126d57a846cafb6e5e10c043489e519c11a312bd3

Download Submit
C:\Program Files\Cheat Engine 7.4\tcc64-64.dll

Filesize
418KB

MD5
a862133292f3b10381c9a939d0a9145c

SHA1
cf7edeb3989a7f2248b78603fbddd3540b03bf3f

SHA256
eb6a6c9f78dbdef787c4fdee3a2bf8ac8e5d77e7ece22401fea8563895905192

SHA512
b3539138877902cef2b78148d063d3301d5584dd37c56c5c3ca8efdbcb0033b9ba4f909559d6d37b0147ed54c9367a370ccae90afa107c2be358e1c55c81ff44

Download Submit
C:\Program Files\Cheat Engine 7.4\unins000.exe

Filesize
2.5MB

MD5
78eaf97510518dabca6bda558eb23d65

SHA1
e52fc6832e7471cd80b1c6ea9826302386daeab2

SHA256
280e83e09d1e6a0f751347dcfedcf49df293531b1e3847ca28363e52c569ad1a

SHA512
33c176eb987449fa7f8bc9ce50a813adb95013dcf3bfd7e3788fb2dd0d629c695aa7126dfa54e36c62534f18addeec503843e74fb1d448f441f7ceb92be379b7

Download Submit
C:\Program Files\Cheat Engine 7.4\vehdebug-i386.dll

Filesize
319KB

MD5
975965814c0a7ea194aeb1b0eeb7ec09

SHA1
d99e44da2016a48ceb5819330c7a57c3c8077841

SHA256
8f3ef35eb8e3ee61700868d0fc083155432ee0467da4c51d3b794dd7009dfd14

SHA512
02e7643594b3800c93eb7e991cb3dde70ca0d232a7e6b35c65b2f24d4bd8580d506e9f554411943b8a2354ad1e37b2e680a894f0080047c5319a64bfca221c9c

Download Submit
C:\Program Files\Cheat Engine 7.4\vehdebug-x86_64.dll

Filesize
406KB

MD5
2ffa8223b315687e5d30c7bef2100a71

SHA1
bf5d44fb44d5be2571e81000a6cbeb4844557e95

SHA256
8df1c44f2be15be95d83a975620c59f6a76a98e5343a08c15852a794859c4ffa

SHA512
587619b27d65fd7bd71c15ac59f1b73ef8a506dc478396169678035ab1dee485d56ea4cce1d52951bf71ab5865f1713d7f61952d460637830d5ea83ab303e33b

Download Submit
C:\Program Files\Cheat Engine 7.4\win64\dbghelp.dll

Filesize
1.4MB

MD5
893ec728b6fa9d7277963847bd408f4f

SHA1
99d461999f631457b38df82d849d81b8fad946aa

SHA256
21c398a2292f04652795c7d4ee7890bb62ac7039e58ac04ece91ff05ee0801ee

SHA512
44d6b3073e2363e0cf8a8aec7384a5a386d2a8eb21716640569a2eb00ad5dd75d1b6d159aa59cea9e60d5b4305573f206a85e54b40d2160d2d2416d2882b6a76

Download Submit
C:\Program Files\Cheat Engine 7.4\win64\symsrv.dll

Filesize
139KB

MD5
896ab17393ec4956d4dfded6a769bbbc

SHA1
4d32d29ff4c90c1607b4210875cbb8f91f3a4de8

SHA256
62e6e7efba96592e2e13af4c7f3ec7aaa0750f10e63984c26c7f26e11a0e528e

SHA512
96a10f0f3253f39e6424f80b0331984c1b1c380768ae67cfec96d7a1a8b862d25482aa5032ca826ee475a8d81bb8fa0f40876240c1edc2545417c75b2668455b

Download Submit
C:\Program Files\Cheat Engine 7.4\windowsrepair.exe

Filesize
261KB

MD5
604aeb519f602c31b7fb885646398fcb

SHA1
af72d7bdac187b85e34f3e92a2c14a0942061649

SHA256
22eb324a2a22f319b96619cf2d0be0bca7f503e776f1a4750c9c983f714c375c

SHA512
e26e196536bd7be8925b10d5b4e4c10e4aa4227a47ed87e5889078b16fe840712f7c3a84327924489b52ca3ca284a75a8e185dc75633874c6dc8f3e9f5d77dec

Download Submit
C:\Program Files\Cheat Engine 7.4\winhook-i386.dll

Filesize
201KB

MD5
de625af5cf4822db08035cc897f0b9f2

SHA1
4440b060c1fa070eb5d61ea9aadda11e4120d325

SHA256
3cdb85ee83ef12802efdfc9314e863d4696be70530b31e7958c185fc4d6a9b38

SHA512
19b22f43441e8bc72507be850a8154321c20b7351669d15af726145c0d34805c7df58f9dc64a29272a4811268308e503e9840f06e51ccdcb33afd61258339099

Download Submit
C:\Program Files\Cheat Engine 7.4\winhook-x86_64.dll

Filesize
264KB

MD5
f9c562b838a3c0620fb6ee46b20b554c

SHA1
5095f54be57622730698b5c92c61b124dfb3b944

SHA256
e08b035d0a894d8bea64e67b1ed0bce27567d417eaaa133e8b231f8a939e581d

SHA512
a20bc9a442c698c264fef82aa743d9f3873227d7d55cb908e282fa1f5dcff6b40c5b9ca7802576ef2f5a753fd1c534e9be69464b29af8efec8b019814b875296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21b944dd878650f6aaeb7857b676a950

SHA1
b9b1e911cd8e73f0965cfc7eda195deaeb32550b

SHA256
032b535e838fc35809e55f9d9a7b6c6cdd681462edf45e1ffe090ba244d77dbd

SHA512
d5d9dc198c9b389cde15975c26f4c1ea1b2f0c1e97b05511201fc6a4ebc0a9b61c809cde16dc4e3b3e2c704762e7e9bda72b65ea3f46cbd7d72f77285c61ceee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD329.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{391F066C-8EDB-4D20-8749-B2E4F2A87873}\ADDRESSES.TMP

Filesize
2KB

MD5
b9345d6ab0345fdb260f873fe133a574

SHA1
eb2fd2ebb8fe9c607cb7949ab6b176b06811d767

SHA256
8f921c4cd2771d494ba1b57bebc25ab773bd3e3f8da062ef1e7bf85e11f7e31e

SHA512
d658d8ce91f0fa8c84161eef7f4e0ec56268e2ae2cffccbf59b787aa254d0af52b34065d9310bebacb35b331d40030d6c46f06074b935652f317b5d65eb72031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cheat Engine\{391F066C-8EDB-4D20-8749-B2E4F2A87873}\MEMORY.TMP

Filesize
1KB

MD5
62f325fdb6729ca1a8a186865f4ed0c0

SHA1
ab72d3021cae251d473c6046a54743e9f893397a

SHA256
38d0dd4bbefa62ca1098d380bb4d428e200a673a99749a44f64a6dd8731257dd

SHA512
dfe67e5cfde264d85d56d9952b8904eb05ebb9be035c89c02abe775f024dbf34c235077ceb5c7cc828a12f0dd86ab343c75a05d4de0c1958d0994e17e0f40921

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD3B8.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-51B0E.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-51B0E.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\AVG_AV.png

Filesize
118KB

MD5
7983518219b552c318e781006f7024fb

SHA1
dcc3d8afcc55da91bc020a3d53cbd0c573a36222

SHA256
5370dc4d4aede33622edd0ebce02a8c615fdd811188e03d62ada3b2c29c056cb

SHA512
be0ad823d04e7d79000449d4b45c06c35b82dfca5ca9ac03b886969375b28587875d4d1201e78f15d1dd51582ea81d22313fe8e19a343b47fa1df8699e1a4e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe

Filesize
23.1MB

MD5
8f210e8bd05d93667412b67c092619a9

SHA1
9cafdc5c862cb30d5b982f8b2055fe4613401296

SHA256
5e9e9499cbdc5e77474918d8a6f09629f5fdc5cb41b78cffb83da64129543689

SHA512
27c75d9f2169b50446fe4b33dd5514dba268f5e08beddc75ec22d1b8092df85dd87fba2af037b2528fcd7ef8c258ecfc3f20a046bf8db6b35e60a92fe454a1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe

Filesize
23.1MB

MD5
8f210e8bd05d93667412b67c092619a9

SHA1
9cafdc5c862cb30d5b982f8b2055fe4613401296

SHA256
5e9e9499cbdc5e77474918d8a6f09629f5fdc5cb41b78cffb83da64129543689

SHA512
27c75d9f2169b50446fe4b33dd5514dba268f5e08beddc75ec22d1b8092df85dd87fba2af037b2528fcd7ef8c258ecfc3f20a046bf8db6b35e60a92fe454a1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe

Filesize
23.1MB

MD5
8f210e8bd05d93667412b67c092619a9

SHA1
9cafdc5c862cb30d5b982f8b2055fe4613401296

SHA256
5e9e9499cbdc5e77474918d8a6f09629f5fdc5cb41b78cffb83da64129543689

SHA512
27c75d9f2169b50446fe4b33dd5514dba268f5e08beddc75ec22d1b8092df85dd87fba2af037b2528fcd7ef8c258ecfc3f20a046bf8db6b35e60a92fe454a1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\WebAdvisor.png

Filesize
48KB

MD5
68dba223cf90bea8f73a12bf024498ae

SHA1
c047063530956e8294a6947946587be58d07e21f

SHA256
e54730e552186e2b59888a96a7b3784d759e7c8c6601f708d310f070abe89d5a

SHA512
8b69288da171dc853ffdd1dac925b7416498b5da9bc91db44ff2063ac7a991d814366eef74a04171f760a80b704e120e903f51b4595eb119c60f0bf78c398a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\loader.gif

Filesize
10KB

MD5
12d7fd91a06cee2d0e76abe0485036ee

SHA1
2bf1f86cc5f66401876d4e0e68af8181da9366ac

SHA256
a6192b9a3fa5db9917aef72d651b7ad8fd8ccb9b53f3ad99d7c46701d00c78cb

SHA512
17ab033d3518bd6d567f7185a3f1185410669062d5ec0a0b046a3a9e8a82ee8f8adb90b806542c5892fc1c01dd3397ea485ebc86e4d398f754c40daf3c333edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\logo.png

Filesize
258KB

MD5
6b7cb2a5a8b301c788c3792802696fe8

SHA1
da93950273b0c256dab64bb3bb755ac7c14f17f3

SHA256
3eed2e41bc6ca0ae9a5d5ee6d57ca727e5cba6ac8e8c5234ac661f9080cedadf

SHA512
4183dbb8fd7de5fd5526a79b62e77fc30b8d1ec34ebaa3793b4f28beb36124084533e08b595f77305522bc847edfed1f9388c0d2ece66e6ac8acb7049b48ee86

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LGI7G.tmp\CheatEngine74.tmp

Filesize
2.9MB

MD5
9858749c3a44de91503ba1124f98a4f0

SHA1
9e871a2a692fe7fa03cbd2b958a48eee9a694758

SHA256
058a000842e85dbf501d6fc76fa4a73e13b31102367d06d459c8ba8e7e91a201

SHA512
85c8f861cca5adee81d8707627ca008821993c19be35ed86372bd50457ed194d11138e9e34e3e527ef4253857eac372eedd0d7a511ae11927be36eefe39c5dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LGI7G.tmp\CheatEngine74.tmp

Filesize
2.9MB

MD5
9858749c3a44de91503ba1124f98a4f0

SHA1
9e871a2a692fe7fa03cbd2b958a48eee9a694758

SHA256
058a000842e85dbf501d6fc76fa4a73e13b31102367d06d459c8ba8e7e91a201

SHA512
85c8f861cca5adee81d8707627ca008821993c19be35ed86372bd50457ed194d11138e9e34e3e527ef4253857eac372eedd0d7a511ae11927be36eefe39c5dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VF4IS.tmp\CheatEngine74.tmp

Filesize
2.5MB

MD5
78eaf97510518dabca6bda558eb23d65

SHA1
e52fc6832e7471cd80b1c6ea9826302386daeab2

SHA256
280e83e09d1e6a0f751347dcfedcf49df293531b1e3847ca28363e52c569ad1a

SHA512
33c176eb987449fa7f8bc9ce50a813adb95013dcf3bfd7e3788fb2dd0d629c695aa7126dfa54e36c62534f18addeec503843e74fb1d448f441f7ceb92be379b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VF4IS.tmp\CheatEngine74.tmp

Filesize
2.5MB

MD5
78eaf97510518dabca6bda558eb23d65

SHA1
e52fc6832e7471cd80b1c6ea9826302386daeab2

SHA256
280e83e09d1e6a0f751347dcfedcf49df293531b1e3847ca28363e52c569ad1a

SHA512
33c176eb987449fa7f8bc9ce50a813adb95013dcf3bfd7e3788fb2dd0d629c695aa7126dfa54e36c62534f18addeec503843e74fb1d448f441f7ceb92be379b7

Download Submit
\Program Files\Cheat Engine 7.4\Cheat Engine.exe

Filesize
363KB

MD5
0fa859e1b115bb88ea35bf65077e97af

SHA1
75f2f3e46b059f5f4bfefb62970e6c6a9c91075f

SHA256
37bb7ba2590773884017988b6a0eb3ebb1a24f2add9781805af98699d3d0c50a

SHA512
31956e2c7bd08dd5804b3267f58336881fbdabe8b778c63d4a8d7a144b08465560d755838638ea46cd5378a1e97ca85ba3d56d5dafe0445c27dd97e8d26b4761

Download Submit
\Program Files\Cheat Engine 7.4\Cheat Engine.exe

Filesize
363KB

MD5
0fa859e1b115bb88ea35bf65077e97af

SHA1
75f2f3e46b059f5f4bfefb62970e6c6a9c91075f

SHA256
37bb7ba2590773884017988b6a0eb3ebb1a24f2add9781805af98699d3d0c50a

SHA512
31956e2c7bd08dd5804b3267f58336881fbdabe8b778c63d4a8d7a144b08465560d755838638ea46cd5378a1e97ca85ba3d56d5dafe0445c27dd97e8d26b4761

Download Submit
\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe

Filesize
222KB

MD5
747e651d3ebb87e7dea87a2e7a9a9221

SHA1
2e35bb45f6e3275b3a4b7cf135cbba6c3ef6df68

SHA256
7f980a29a73510af39b199aebd6caa42e5b28ea781a7eb040d6d33e213267cfc

SHA512
311b3fd46155757fb8d1359e3a92bed40fa5b3868d0ee1e8db299bc565052a5e17e947ce9b9bce8357bb5449486d6ab34f0f9920a62a319fc21e9b7ec4e0f1bf

Download Submit
\Program Files\Cheat Engine 7.4\Kernelmoduleunloader.exe

Filesize
222KB

MD5
747e651d3ebb87e7dea87a2e7a9a9221

SHA1
2e35bb45f6e3275b3a4b7cf135cbba6c3ef6df68

SHA256
7f980a29a73510af39b199aebd6caa42e5b28ea781a7eb040d6d33e213267cfc

SHA512
311b3fd46155757fb8d1359e3a92bed40fa5b3868d0ee1e8db299bc565052a5e17e947ce9b9bce8357bb5449486d6ab34f0f9920a62a319fc21e9b7ec4e0f1bf

Download Submit
\Program Files\Cheat Engine 7.4\Tutorial-i386.exe

Filesize
2.4MB

MD5
b39161f5603f36ce96678211761a35f0

SHA1
32041d96d6a693f5eaa04fc6ac863aaca9c33962

SHA256
f5c3473e0b2ae0ec575be1e9cd60e41e7853c7f9e597eed293e964c3f4a6a140

SHA512
8caf44db43fd71130269d9aea3dbf97d58ec9608d95e199982ec94d452e1ff767f699071340c1e65027b1f86450f7bcd72abdce3886c49f1e61e39f5548e39aa

Download Submit
\Program Files\Cheat Engine 7.4\Tutorial-x86_64.exe

Filesize
3.2MB

MD5
0d23cb5c9731dceebe31cfdf6d7cc4f7

SHA1
28580c3c7c8ae173e2411760842b55a4ed6738fc

SHA256
f4bbfe37ebf026c43af159bd300dfb5606b4d26faea7fe7dfcf6ff2806e194fb

SHA512
ced380f90881b35122229a9a55e052a3c441dbf428e9db4c796ed602e6843f9ea84f293f06973e3ea001e66de1be42fa8ca3978563b69ab918e635b7f4dbbbb8

Download Submit
\Program Files\Cheat Engine 7.4\ceregreset.exe

Filesize
203KB

MD5
323e883fe792732691af363989916c17

SHA1
15dea73dd6c0c454f70f176f3d9bd627c0929f07

SHA256
0f6c5f4affb87424d5c7146497384927b08bf9a3e5aad522dccc42a3a87905fa

SHA512
198c99871189f0a4b899840a3db81d251988b1b89b4424ab62c9785eef64ef90c1392621dbc4beff5d2c9e4790e963aff1119ff8bb0fafee69d1cdf9fd6544a0

Download Submit
\Program Files\Cheat Engine 7.4\cheatengine-i386.exe

Filesize
11.5MB

MD5
f3c64c15a30ffd7b43f82a3789f66b48

SHA1
9a9b32c84eb1eb0363041ea2c5d8417f02fba864

SHA256
e9c834d9eb78be87b91c6a001ebc0fc2d9230ec03e210306d54228e2983d4629

SHA512
a41e27323ad7bde4618997a20c2cf9beef3e14313cafdc9348a5bfd4669e322c62ed30c07026c55a96fb04d6c823bd616af7b7d44ea3a3b18aa648f98755a269

Download Submit
\Program Files\Cheat Engine 7.4\cheatengine-x86_64-SSE4-AVX2.exe

Filesize
14.7MB

MD5
936624b79d78716f21229360ba282ac9

SHA1
e85b17173eeba3b3690d8f1b0dd1054f6ac82f5f

SHA256
e24a40144ba937fd55264fd6be02f0ac7e3756757ad879451245f819e6e386b0

SHA512
e1f1d8f5e4d82dbcf40d1a29ece83d2cf07e958f07b71e18ba45158f0cab6b37b19b7603a51c300d0590e065489d25becc593e7998f133e031ded99faec43a7a

Download Submit
\Program Files\Cheat Engine 7.4\cheatengine-x86_64.exe

Filesize
14.7MB

MD5
f65d9c8718301221b5c856aa773bc1f3

SHA1
33f4b4fec1d363644a7d827664a2747aa5324ead

SHA256
394725de3465afbacbe15eed1e20f7ec2797793e49dae0cc781da3d1bb6b858c

SHA512
a5ac9382d3549e45ec0dcb7b36547c7fa0bfaf4d570be743953b273e90a12a2e84167f734774ae7c64693c7cd9c77462d4288d535f032c0b2b2baac5cd6c27bc

Download Submit
\Program Files\Cheat Engine 7.4\cheatengine-x86_64.exe

Filesize
14.7MB

MD5
f65d9c8718301221b5c856aa773bc1f3

SHA1
33f4b4fec1d363644a7d827664a2747aa5324ead

SHA256
394725de3465afbacbe15eed1e20f7ec2797793e49dae0cc781da3d1bb6b858c

SHA512
a5ac9382d3549e45ec0dcb7b36547c7fa0bfaf4d570be743953b273e90a12a2e84167f734774ae7c64693c7cd9c77462d4288d535f032c0b2b2baac5cd6c27bc

Download Submit
\Program Files\Cheat Engine 7.4\lua53-64.dll

Filesize
528KB

MD5
b7c9f1e7e640f1a034be84af86970d45

SHA1
f795dc3d781b9578a96c92658b9f95806fc9bdde

SHA256
6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff

SHA512
da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3

Download Submit
\Program Files\Cheat Engine 7.4\tcc64-32.dll

Filesize
409KB

MD5
bac12645722419165ce07b0a338259f1

SHA1
8ee779f88019a6e62160395b08464a5ed8a9ff08

SHA256
7884d50ccd8dbc179456e59284a9fe3fbc6618b49d2255a2a6c7114eaf38ff05

SHA512
97222a9cfdc3e29e2cb721cdea505f53ae0d8c4b6dda2bff0426262d26e3d258084788a1d6fbc53adec539e126d57a846cafb6e5e10c043489e519c11a312bd3

Download Submit
\Program Files\Cheat Engine 7.4\tcc64-64.dll

Filesize
418KB

MD5
a862133292f3b10381c9a939d0a9145c

SHA1
cf7edeb3989a7f2248b78603fbddd3540b03bf3f

SHA256
eb6a6c9f78dbdef787c4fdee3a2bf8ac8e5d77e7ece22401fea8563895905192

SHA512
b3539138877902cef2b78148d063d3301d5584dd37c56c5c3ca8efdbcb0033b9ba4f909559d6d37b0147ed54c9367a370ccae90afa107c2be358e1c55c81ff44

Download Submit
\Program Files\Cheat Engine 7.4\unins000.exe

Filesize
2.5MB

MD5
78eaf97510518dabca6bda558eb23d65

SHA1
e52fc6832e7471cd80b1c6ea9826302386daeab2

SHA256
280e83e09d1e6a0f751347dcfedcf49df293531b1e3847ca28363e52c569ad1a

SHA512
33c176eb987449fa7f8bc9ce50a813adb95013dcf3bfd7e3788fb2dd0d629c695aa7126dfa54e36c62534f18addeec503843e74fb1d448f441f7ceb92be379b7

Download Submit
\Program Files\Cheat Engine 7.4\win64\dbghelp.dll

Filesize
1.4MB

MD5
893ec728b6fa9d7277963847bd408f4f

SHA1
99d461999f631457b38df82d849d81b8fad946aa

SHA256
21c398a2292f04652795c7d4ee7890bb62ac7039e58ac04ece91ff05ee0801ee

SHA512
44d6b3073e2363e0cf8a8aec7384a5a386d2a8eb21716640569a2eb00ad5dd75d1b6d159aa59cea9e60d5b4305573f206a85e54b40d2160d2d2416d2882b6a76

Download Submit
\Program Files\Cheat Engine 7.4\windowsrepair.exe

Filesize
261KB

MD5
604aeb519f602c31b7fb885646398fcb

SHA1
af72d7bdac187b85e34f3e92a2c14a0942061649

SHA256
22eb324a2a22f319b96619cf2d0be0bca7f503e776f1a4750c9c983f714c375c

SHA512
e26e196536bd7be8925b10d5b4e4c10e4aa4227a47ed87e5889078b16fe840712f7c3a84327924489b52ca3ca284a75a8e185dc75633874c6dc8f3e9f5d77dec

Download Submit
\Users\Admin\AppData\Local\Temp\is-51B0E.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
\Users\Admin\AppData\Local\Temp\is-51B0E.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\CheatEngine74.exe

Filesize
23.1MB

MD5
8f210e8bd05d93667412b67c092619a9

SHA1
9cafdc5c862cb30d5b982f8b2055fe4613401296

SHA256
5e9e9499cbdc5e77474918d8a6f09629f5fdc5cb41b78cffb83da64129543689

SHA512
27c75d9f2169b50446fe4b33dd5514dba268f5e08beddc75ec22d1b8092df85dd87fba2af037b2528fcd7ef8c258ecfc3f20a046bf8db6b35e60a92fe454a1cc

Download Submit
\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-F6HBK.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
\Users\Admin\AppData\Local\Temp\is-LGI7G.tmp\CheatEngine74.tmp

Filesize
2.9MB

MD5
9858749c3a44de91503ba1124f98a4f0

SHA1
9e871a2a692fe7fa03cbd2b958a48eee9a694758

SHA256
058a000842e85dbf501d6fc76fa4a73e13b31102367d06d459c8ba8e7e91a201

SHA512
85c8f861cca5adee81d8707627ca008821993c19be35ed86372bd50457ed194d11138e9e34e3e527ef4253857eac372eedd0d7a511ae11927be36eefe39c5dc4

Download Submit
\Users\Admin\AppData\Local\Temp\is-VF4IS.tmp\CheatEngine74.tmp

Filesize
2.5MB

MD5
78eaf97510518dabca6bda558eb23d65

SHA1
e52fc6832e7471cd80b1c6ea9826302386daeab2

SHA256
280e83e09d1e6a0f751347dcfedcf49df293531b1e3847ca28363e52c569ad1a

SHA512
33c176eb987449fa7f8bc9ce50a813adb95013dcf3bfd7e3788fb2dd0d629c695aa7126dfa54e36c62534f18addeec503843e74fb1d448f441f7ceb92be379b7

Download Submit
memory/524-855-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/524-191-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/524-296-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/524-217-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/804-1108-0x0000000000210000-0x0000000000310000-memory.dmp

Filesize
1024KB

Download
memory/804-1105-0x0000000000210000-0x0000000000310000-memory.dmp

Filesize
1024KB

Download
memory/1116-160-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1116-890-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1116-1-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1116-9-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1588-856-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1588-183-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1588-213-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1732-950-0x0000000007AC0000-0x0000000007AC1000-memory.dmp

Filesize
4KB

Download
memory/1732-941-0x0000000007AC0000-0x0000000007AC1000-memory.dmp

Filesize
4KB

Download
memory/2160-194-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/2160-12-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2160-11-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/2160-154-0x00000000033A0000-0x00000000033AF000-memory.dmp

Filesize
60KB

Download
memory/2160-878-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/2160-161-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/2160-8-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2160-162-0x00000000033A0000-0x00000000033AF000-memory.dmp

Filesize
60KB

Download
memory/2160-174-0x0000000000400000-0x00000000006FE000-memory.dmp

Filesize
3.0MB

Download
memory/2160-175-0x00000000033A0000-0x00000000033AF000-memory.dmp

Filesize
60KB

Download
memory/2944-208-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2944-207-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download