Malware Analysis Report

2025-08-10 12:06

Sample ID 240222-zgd99afd38
Target https://www.cheatengine.org/downloads.php
Tags
discovery evasion
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.cheatengine.org/downloads.php was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion

Downloads MZ/PE file

Stops running service(s)

Checks computer location settings

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Checks for any installed AV software in registry

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Launches sc.exe

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies data under HKEY_USERS

Checks processor information in registry

Script User-Agent

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: LoadsDriver

Runs net.exe

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:41

Reported

2024-02-22 20:46

Platform

win10v2004-20240221-uk

Max time kernel

258s

Max time network

211s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cheatengine.org/downloads.php

Signatures

Downloads MZ/PE file

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe N/A

Modifies file permissions

discovery

Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SYSTEM32\GLU32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\KERNEL32.DLL C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\KERNELBASE.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\win32u.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\advapi32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\shell32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\comdlg32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\bcryptPrimitives.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\ntdll.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\ole32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\shcore.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\SHLWAPI.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\opengl32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\msimg32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\version.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\kernel.appcore.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\apphelp.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\oleaut32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\ucrtbase.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\RPCRT4.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\msvcrt.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\psapi.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\clbcatq.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\MSCTF.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\user32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\sechost.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\PROPSYS.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\GDI32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\hhctrl.ocx C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\Wldp.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\msvcp_win.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\ws2_32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\uxtheme.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\gdi32full.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\imm32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\wininet.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\System32\combase.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\wsock32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\winmm.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\system32\explorerframe.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Windows\SYSTEM32\windows.storage.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\sechost.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-V85GM.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\sec_api\is-GA2O2.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\languages\is-6B6N5.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-EOIQ6.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\is-VC4KD.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-5HT9K.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\kernelbase.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\libipt-32.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-AT83Q.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-N989P.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\sys\is-KDLNV.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\plugins\is-MQAEI.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\badassets\is-4LCTT.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\ntmarta.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-OEAUD.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-5JMJO.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-8DL0M.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\oleaut32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\ucrtbase.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\Kernel.Appcore.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\Windows.Storage.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\winapi\is-G3ED3.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-DAAS2.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\plugins\is-RUFQV.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-MEGF1.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\shlwapi.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\is-C9NL5.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\webio.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\Cheat Engine 7.5\plugins\is-35TR2.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\wsock32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\win32\symsrv.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-LUH11.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-P3FDL.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\ole32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\propsys.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\crypt32.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dll\webio.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\sys\is-ML91V.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-M1JNQ.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\is-R55LK.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-TQS4U.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\lua53-64.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File created C:\Program Files\Cheat Engine 7.5\include\sec_api\is-8ULEE.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-DEEEI.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\is-FEJED.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\devobj.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\dhcpcsvc.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\d3dhook.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\is-J7TQR.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\winapi\is-QOKFR.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-4F27Q.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\symbols\dll\combase.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-EJH6E.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\include\is-OCL66.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\is-G2QGD.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File created C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\is-TL9TM.tmp C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\rpcrt4.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
File opened for modification C:\Program Files\Cheat Engine 7.5\DLL\dhcpcsvc.pdb C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "97" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531081112625001" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0" C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CT C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Cheat Engine 7.5 : luascript-ceshare N/A N/A
HTTP User-Agent header Cheat Engine 7.5 : luascript-CEVersionCheck N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2500 wrote to memory of 628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2500 wrote to memory of 2336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2500 wrote to memory of 3144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2500 wrote to memory of 4704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cheatengine.org/downloads.php

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91a0b9758,0x7ff91a0b9768,0x7ff91a0b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4788 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4852 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3748 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3904 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5764 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5032 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6776 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6812 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Users\Admin\Downloads\CheatEngine75.exe

"C:\Users\Admin\Downloads\CheatEngine75.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp

"C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp" /SL5="$50240,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe

"C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp

"C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp" /SL5="$10270,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAntic

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAntic

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAnticheat

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAnticheat

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAntic

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAnticheat

C:\Users\Admin\AppData\Local\Temp\is-L1HQA.tmp\_isetup\_setup64.tmp

helper 105 0x480

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Cheat Engine 7.5\unins000.exe

"C:\Program Files\Cheat Engine 7.5\unins000.exe"

C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp

"C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp" /SECONDPHASE="C:\Program Files\Cheat Engine 7.5\unins000.exe" /FIRSTPHASEWND=$2031E

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:2

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa396f055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.214.133.66:443 cxcs.microsoft.net tcp
GB 92.123.128.152:443 www.bing.com tcp
US 8.8.8.8:53 66.133.214.23.in-addr.arpa udp
US 8.8.8.8:53 152.128.123.92.in-addr.arpa udp
NL 172.217.168.227:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_2500_CZRHUCGZFMQIZPFA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9209224a5e97b6a5da5ffa4555646118
SHA1 9307155a661b69c23c134d52e74139c9388349eb
SHA256 6e6d0f9c62a7bb7d6e6f67558c65d5dbfeab98c29b13e5c3477b67676f246822
SHA512 b375dc2d4db1d12ac0ea96b392dfe9c0441b69225b25ab65225960368620321cf909203e78906e50b0a911408de8a47eeeb8dfb9738ea8abeb2b7114a7da88dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4412cbdb00bbeda05892e773bfc497da
SHA1 2bb667a9d37b6f70c01046f5f715b9e5dc8eaa8f
SHA256 eaebdaa975ccb747799d934754765a20bb472cce64a0c4d9ff7da862ee4a0952
SHA512 7c6e5b8bbe4359140c83a8513897f05c0dd77e13f290b30d0de07ffbb2f4791de6f6868216a453b915a84136955e0ec6ad01568911668c3b586a7cb09ccf23d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abf4c15d886059e167efa067ebf40b0d
SHA1 2fa6d89ee9f7308ac8d0bb9042760b321cea443c
SHA256 9f316d52519c6adf1e5ba6280765396e69e8798b8f23d54de94141638a80650f
SHA512 51c13b021118f17ad3dc65a4408c709c62523adb332c9ef9c17345047cded6cee5f6743dcd61a7d52c90cc921ab9171c9ce8b9dd50ed6a5e308e5d938e47a543

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3d7556432e72d6f4fddac54f18947d59
SHA1 3a54e008a2445217f246876e039656416e892108
SHA256 9773923a8ddeabeb1091dd47d6067b902b654922ef41a72b59fc7ad554704fd8
SHA512 aa4be71b406b8a01ebb6ea201613548202416639fb9c57f3f9dbeb6f8392f0e9cd01eef82bce4116ae45067e181e8b87f64f19639acfcf1300a747e4882c3812

C:\Users\Admin\Downloads\CheatEngine75.exe

MD5 bd08f41ab8c972b822c4168146cc7f85
SHA1 f5b6eb541c01378bb3aa2876d5e4152aede74c07
SHA256 f4caa29bfbd76c368bfc5ec0aec9624050e76a3e03605489720f73969311ae21
SHA512 09a0c48dc891e7bba81d99a50d65c9e5badfc69dfc52f7b093d1d98e32f03df1a43623ae2147062ace3fc8c10863131de201d19a23ba47bc9cb394c025799fdc

C:\Users\Admin\Downloads\CheatEngine75.exe

MD5 9e0d0f2143ab1dba54a864c3b408bc4a
SHA1 9c988770379cfa30fea4229cf3d5057ea6e494ca
SHA256 c811ab0b546f4123c335aadc9d95fad5ce73bbe173dfe6b98375851c982f0414
SHA512 bbd48c38166e3124506f3c544fc956e558a103d3accaabb3fe1f1d0a97f36e410c2fbe37391ce54c0463cbec223c7bd834737a2e1512170eafa1ef5e60725347

C:\Users\Admin\Downloads\CheatEngine75.exe

MD5 81a9fc0754871ed63b5ff2a89f1522a4
SHA1 f9c84b3ea5473a35b4bc295fd3c9f4f6d0753199
SHA256 82821b67081fab74fcd73627481768309f1f0858fcd606cebc935cf3a0529012
SHA512 615d05b0d6c7e9399e4c00f72aa2f8344dd89d9c6642a7af80c60cf701a7c39c0638e4f1ff9a1618005319f5dbe4f739c7b8f372a94c0717a2d499898bc9294d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df7cb5a22eb491d7cd6a4bff1e1a0d60
SHA1 98b5296d8aa8a561fbcb58673b562b04f5a8c2ec
SHA256 ec8a60be6a7e67096534cd376b48f7b6e813449027da667791d86907db10beda
SHA512 6e8c7f7e5851f6b6ddf10033c0d4429346ad9d3ae899f1adaaeb665195a412b63166dc0ca28149dfb23a935f837dd03232bfa0ada7b7aecd3c68a52c4394698d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 98004270a5a7c38161ec03e9cacdf879
SHA1 145ebcacc42fbaa549d82a6dd764d13342c30c88
SHA256 91fa104efcf12d92b2ba8b7aa6b26d4ead3c20bb2169878db91e7ec30d2a775b
SHA512 e01eb769b96c4a0cc6b31ad64605fced9a8e725c1105c79649076733055a044be722f255a05fa119f155faf01b6e9e4fff1da189aeeede2a7bf3bed04a6cfae0

memory/5100-180-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp

MD5 7129f8621edfe8fadf493a03b8a5184b
SHA1 70b0680e4774f385d73a62364607c007cbe7ca79
SHA256 73321d725a8fba21f3a80a03eb672835292d35a615372abed503ae7eae7b6ea4
SHA512 a288a887c21dd84868a74e50f086f6e75a593cafee96b4e3856e3a62c21c685f8762dd55c9a9fb586c4158e4ad7e7dcc6ec8d04d0b99b81d8401ee6261534ff8

C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp

MD5 655998981d3bda8f12790eb94b17b20e
SHA1 987b0deea8b5d8d248c013efb21d60a1b3d7a8d3
SHA256 1ceec8e5f022913c2106aabbe22bbe07f627cef9df69fcea2b6b9702426d7c90
SHA512 cf8f81f118932a7baf9288a1d20a6aed2ba346ca6e0c0891d442398ed82371beedc2d19fb236fe341fa0e469be8ba43493dadefb4a8510b04696112f1743c8d2

memory/2912-186-0x00000000026F0000-0x00000000026F1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 14addf3155d24666005275efe7cd0a57
SHA1 c048cd20bee6170130241a308e52f0450c9a2249
SHA256 182f28e5ef92b5fbd1bdf44b9ce2484ff45edaaae7a7276b5f6e9f21d4f244ce
SHA512 11c30804bfcf7cc0fa5152f5e8475b0e3dbcebd7fb0fd8687e13e8a836f5025c1f6e9e362fa6d0ea6f614e57a47ab5cfddee9822d06b9e8a13f2d258336c39d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57efde.TMP

MD5 da983df3b7a0752e45701120f804217a
SHA1 081c6f5c1945c1f8429c1126ee694af0d7401a32
SHA256 afb2f4921b48ec9fcc3abe3e25cfbac4fd0b43cff104d70808fb09efae4a3ba8
SHA512 bdb673a93e7361d34e5b0d3a81b76590cdb583be66cbddf29229304e5e9c4aa6246b2ad4656b73071f65da2b8cdcf07119fdb6481c87ffa519b9a3b69388ca80

memory/5100-198-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\zbShieldUtils.dll

MD5 b83f5833e96c2eb13f14dcca805d51a1
SHA1 9976b0a6ef3dabeab064b188d77d870dcdaf086d
SHA256 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401
SHA512 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\logo.png

MD5 1df360d73bf8108041d31d9875888436
SHA1 c866e8855d62f56a411641ece0552e54cbd0f2fb
SHA256 c1b1d7b4806955fe39a8bc6ce5574ab6ac5b93ad640cecfebe0961360c496d43
SHA512 3991b89927d89effca30cc584d5907998c217cf00ca441f2525ef8627ffff2032d104536f8b6ab79b83f4e32a7aab993f45d3930d5943cbfb5e449c5832abe14

memory/2912-227-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-228-0x0000000003630000-0x0000000003770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\RAV_Cross.png

MD5 5521662b178569ab52d6880a1faa8e95
SHA1 62a6bad33b1bbd84aeb252be0680a07e6f93175d
SHA256 0232788928f14e3452016edb1af8a9decf37c0e6004f26cea3300b76dee645d3
SHA512 cbb9b36d09121d3e7948567b72ab4335fd6c8f0d4b2063878beadc8d3f5025fcb56d04e62386f6ed698153b9249131d986a826786981def1bb9e2fc01948c36c

memory/2912-232-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-233-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/2912-234-0x0000000003630000-0x0000000003770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\WebAdvisor.png

MD5 68dba223cf90bea8f73a12bf024498ae
SHA1 c047063530956e8294a6947946587be58d07e21f
SHA256 e54730e552186e2b59888a96a7b3784d759e7c8c6601f708d310f070abe89d5a
SHA512 8b69288da171dc853ffdd1dac925b7416498b5da9bc91db44ff2063ac7a991d814366eef74a04171f760a80b704e120e903f51b4595eb119c60f0bf78c398a51

memory/2912-238-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-239-0x0000000003630000-0x0000000003770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\Opera_new.png

MD5 df3a8146855b69ff6b41cb17a70ec306
SHA1 7180aed1bce08399f086aca0996a7da807431552
SHA256 ed7ef8a251494d3e39ff3d1632bc01a90ecc723d5e838dbaa7a3612580cef321
SHA512 9f5c907fab39f5564efa2774e8a4f317835a35f64b6a2e03ba380803604529a17d80f89279490a8ce2752ecd2f42709835791ee23ca6d45dbb9c768ccb26bc3c

memory/2912-243-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-245-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-246-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe

MD5 ae696147a3f0e72bff1b029b00cf1459
SHA1 3093a57f2c22bb915d63f31be012621e558ba7be
SHA256 97a2003401bdcd8b7e6984af092708af9a0eb7844345ceeaf2415c96645905b9
SHA512 13926a592c8dc7d17cb19b6b0affb5c6a9a22dfe52b10cb2fb0632cb8875cb8dfbae3a61fd90c7e5744e8e703aa86a26a85e16c1ad62a1ab4da175741020d451

C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe

MD5 52da770a0f3d6daae1fa6eff9cbdfef4
SHA1 de2843595ce02d87d9950d72c3cfb7a220f357ef
SHA256 55408a1a7f71207c4f08dc54ae2f165939ba5c333a2dd98643de6409e897fc12
SHA512 82f7af6f6da85dd0e1ddc106a19c440cbf8ec4ab94342d3f15f13e821fe15e0a597f20ba2cadf581af0365a9ea26f50fcd5c8f36eaaf85d09e01d7d2c4a0ce8b

memory/2912-253-0x00000000026F0000-0x00000000026F1000-memory.dmp

memory/3592-252-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp

MD5 0add6967280653b9ba99d2ea45b3055a
SHA1 9d7488cf8b7ee223ea4421fd2360f6341d236352
SHA256 b886aaedcac83a2b8abc1a23061bcb07ec35b8baf30317811741866f7d804686
SHA512 ce972f98878e8c14ed3332309eb40974b25e33042173557617325ecb26cf5ab469dcd1a2a1c38844f7637a5fb5255663b18e267798333b4883e621f32bd403ac

C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp

MD5 9aa2acd4c96f8ba03bb6c3ea806d806f
SHA1 9752f38cc51314bfd6d9acb9fb773e90f8ea0e15
SHA256 1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb
SHA512 b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d

memory/1592-261-0x00000000008F0000-0x00000000008F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-L1HQA.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

MD5 9a4d1b5154194ea0c42efebeb73f318f
SHA1 220f8af8b91d3c7b64140cbb5d9337d7ed277edb
SHA256 2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363
SHA512 6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b

C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll

MD5 6e00495955d4efaac2e1602eb47033ee
SHA1 95c2998d35adcf2814ec7c056bfbe0a0eb6a100c
SHA256 5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9
SHA512 2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866

C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll

MD5 19b2050b660a4f9fcb71c93853f2e79c
SHA1 5ffa886fa019fcd20008e8820a0939c09a62407a
SHA256 5421b570fbc1165d7794c08279e311672dc4f42cb7ae1cbddcd7eea0b1136fff
SHA512 a93e47387ab0d327b71c3045b3964c7586d0e03dddb2e692f6671fb99659e829591d5f23ce7a95683d82d239ba7d11fb5a123834629a53de5ce5dba6aa714a9a

C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll

MD5 e9b5905d495a88adbc12c811785e72ec
SHA1 ca0546646986aab770c7cf2e723c736777802880
SHA256 3eb9cd27035d4193e32e271778643f3acb2ba73341d87fd8bb18d99af3dffdea
SHA512 4124180b118149c25f8ea8dbbb2912b4bd56b43f695bf0ff9c6ccc95ade388f1be7d440a791d49e4d5c9c350ea113cf65f839a3c47d705533716acc53dd038f8

C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll

MD5 8d487547f1664995e8c47ec2ca6d71fe
SHA1 d29255653ae831f298a54c6fa142fb64e984e802
SHA256 f50baf9dc3cd6b925758077ec85708db2712999b9027cc632f57d1e6c588df21
SHA512 79c230cfe8907df9da92607a2c1ace0523a36c3a13296cb0265329208edc453e293d7fbedbd5410decf81d20a7fe361fdebddadbc1dc63c96130b0bedf5b1d8a

C:\Program Files\Cheat Engine 7.5\allochook-i386.dll

MD5 19d52868c3e0b609dbeb68ef81f381a9
SHA1 ce365bd4cf627a3849d7277bafbf2f5f56f496dc
SHA256 b96469b310ba59d1db320a337b3a8104db232a4344a47a8e5ae72f16cc7b1ff4
SHA512 5fbd53d761695de1dd6f0afd0964b33863764c89692345cab013c0b1b6332c24dcf766028f305cc87d864d17229d7a52bf19a299ca136a799053c368f21c8926

C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll

MD5 daa81711ad1f1b1f8d96dc926d502484
SHA1 7130b241e23bede2b1f812d95fdb4ed5eecadbfd
SHA256 8422be70e0ec59c962b35acf8ad80671bcc8330c9256e6e1ec5c07691388cd66
SHA512 9eaa8e04ad7359a30d5e2f9256f94c1643d4c3f3c0dff24d6cd9e31a6f88cb3b470dd98f01f8b0f57bb947adc3d45c35749ed4877c7cbbbcc181145f0c361065

C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll

MD5 9f50134c8be9af59f371f607a6daa0b6
SHA1 6584b98172cbc4916a7e5ca8d5788493f85f24a7
SHA256 dd07117ed80546f23d37f8023e992de560a1f55a76d1eb6dfd9d55baa5e3dad6
SHA512 5ccafa2b0e2d20034168ee9a79e8efff64f12f5247f6772815ef4cb9ee56f245a06b088247222c5a3789ae2dcefadbc2c15df4ff5196028857f92b9992b094e0

C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll

MD5 dd71848b5bbd150e22e84238cf985af0
SHA1 35c7aa128d47710cfdb15bb6809a20dbd0f916d8
SHA256 253d18d0d835f482e6abbaf716855580eb8fe789292c937301e4d60ead29531d
SHA512 0cbf35c9d7b09fb57d8a9079eab726a3891393f12aee8b43e01d1d979509e755b74c0fb677f8f2dfab6b2e34a141f65d0cfbfe57bda0bf7482841ad31ace7790

C:\Program Files\Cheat Engine 7.5\winhook-i386.dll

MD5 de625af5cf4822db08035cc897f0b9f2
SHA1 4440b060c1fa070eb5d61ea9aadda11e4120d325
SHA256 3cdb85ee83ef12802efdfc9314e863d4696be70530b31e7958c185fc4d6a9b38
SHA512 19b22f43441e8bc72507be850a8154321c20b7351669d15af726145c0d34805c7df58f9dc64a29272a4811268308e503e9840f06e51ccdcb33afd61258339099

C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll

MD5 f9c562b838a3c0620fb6ee46b20b554c
SHA1 5095f54be57622730698b5c92c61b124dfb3b944
SHA256 e08b035d0a894d8bea64e67b1ed0bce27567d417eaaa133e8b231f8a939e581d
SHA512 a20bc9a442c698c264fef82aa743d9f3873227d7d55cb908e282fa1f5dcff6b40c5b9ca7802576ef2f5a753fd1c534e9be69464b29af8efec8b019814b875296

C:\Program Files\Cheat Engine 7.5\libipt-32.dll

MD5 df443813546abcef7f33dd9fc0c6070a
SHA1 635d2d453d48382824e44dd1e59d5c54d735ee2c
SHA256 d14911c838620251f7f64c190b04bb8f4e762318cc763d993c9179376228d8ca
SHA512 9f9bea9112d9db9bcecfc8e4800b7e8032efb240cbbddaf26c133b4ce12d27b47dc4e90bc339c561714bc972f6e809b2ec9c9e1facc6c223fbac66b089a14c25

C:\Program Files\Cheat Engine 7.5\libipt-64.dll

MD5 4a3b7c52ef32d936e3167efc1e920ae6
SHA1 d5d8daa7a272547419132ddb6e666f7559dbac04
SHA256 26ede848dba071eb76c0c0ef8e9d8ad1c53dfab47ca9137abc9d683032f06ebb
SHA512 36d7f8a0a749de049a830cc8c8f0d3962d8dce57b445f5f3c771a86dd11aaa10da5f36f95e55d3dc90900e4dbddd0dcc21052c53aa11f939db691362c42e5312

C:\Program Files\Cheat Engine 7.5\d3dhook.dll

MD5 2a2ebe526ace7eea5d58e416783d9087
SHA1 5dabe0f7586f351addc8afc5585ee9f70c99e6c4
SHA256 e2a7df4c380667431f4443d5e5fc43964b76c8fcb9cf4c7db921c4140b225b42
SHA512 94ed0038068abddd108f880df23422e21f9808ce04a0d14299aacc5d573521f52626c0c2752b314cda976f64de52c4d5bcac0158b37d43afb9bc345f31fdbbc0

C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll

MD5 5f1a333671bf167730ed5f70c2c18008
SHA1 c8233bbc6178ba646252c6566789b82a3296cab5
SHA256 fd2a2b4fe4504c56347c35f24d566cc0510e81706175395d0a2ba26a013c4daf
SHA512 6986d93e680b3776eb5700143fc35d60ca9dbbdf83498f8731c673f9fd77c8699a24a4849db2a273aa991b8289e4d6c3142bbde77e11f2faf603df43e8fea105

C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll

MD5 43dac1f3ca6b48263029b348111e3255
SHA1 9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
SHA256 148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
SHA512 6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032

C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll

MD5 42e2bf4210f8126e3d655218bd2af2e4
SHA1 78efcb9138eb0c800451cf2bcc10e92a3adf5b72
SHA256 1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288
SHA512 c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74

C:\Program Files\Cheat Engine 7.5\d3dhook64.dll

MD5 2af7afe35ab4825e58f43434f5ae9a0f
SHA1 b67c51cad09b236ae859a77d0807669283d6342f
SHA256 7d82694094c1bbc586e554fa87a4b1ed6ebc9eb14902fd429824dcd501339722
SHA512 23b7c6db0cb9c918ad9f28fa0e4e683c7e2495e89a136b75b7e1be6380591da61b6fb4f7248191f28fd3d80c4a391744a96434b4ab96b9531b5ebb0ec970b9d0

C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll

MD5 61ba5199c4e601fa6340e46bef0dff2d
SHA1 7c1a51d6d75b001ba1acde2acb0919b939b392c3
SHA256 8783f06f7b123e16042bb0af91ff196b698d3cd2aa930e3ea97cfc553d9fc0f4
SHA512 8ce180a622a5788bb66c5f3a4abfde62c858e86962f29091e9c157753088ddc826c67c51ff26567bfe2b75737897f14e6bb17ec89f52b525f6577097f1647d31

C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll

MD5 0daf9f07847cceb0f0760bf5d770b8c1
SHA1 992cc461f67acea58a866a78b6eefb0cbcc3aaa1
SHA256 a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4
SHA512 b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a

C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll

MD5 0eaac872aadc457c87ee995bbf45a9c1
SHA1 5e9e9b98f40424ad5397fc73c13b882d75499d27
SHA256 6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f
SHA512 164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b

C:\Program Files\Cheat Engine 7.5\overlay.fx

MD5 650c02fc9f949d14d62e32dd7a894f5e
SHA1 fa5399b01aadd9f1a4a5632f8632711c186ec0de
SHA256 c4d23db8effb359b4aa4d1e1e480486fe3a4586ce8243397a94250627ba4f8cc
SHA512 f2caaf604c271283fc7af3aa9674b9d647c4ac53dffca031dbf1220d3ed2e867943f5409a95f41c61d716879bed7c888735f43a068f1cc1452b4196d611cb76d

C:\Program Files\Cheat Engine 7.5\languages\language.ini

MD5 af5ed8f4fe5370516403ae39200f5a4f
SHA1 9299e9998a0605182683a58a5a6ab01a9b9bc037
SHA256 4aa4f0b75548d45c81d8e876e2db1c74bddfd64091f102706d729b50a7af53a5
SHA512 f070049a2fae3223861424e7fe79cbae6601c9bee6a56fadde4485ad3c597dc1f3687e720177ab28564a1faab52b6679e9315f74327d02aa1fb31e7b8233a80f

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

MD5 9af96706762298cf72df2a74213494c9
SHA1 4b5fd2f168380919524ecce77aa1be330fdef57a
SHA256 65fa2ccb3ac5400dd92dda5f640445a6e195da7c827107260f67624d3eb95e7d
SHA512 29a0619093c4c0ecf602c861ec819ef16550c0607df93067eaef4259a84fd7d40eb88cd5548c0b3b265f3ce5237b585f508fdd543fa281737be17c0551163bd4

memory/2912-739-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

MD5 5cff22e5655d267b559261c37a423871
SHA1 b60ae22dfd7843dd1522663a3f46b3e505744b0f
SHA256 a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9
SHA512 e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

MD5 f921416197c2ae407d53ba5712c3930a
SHA1 6a7daa7372e93c48758b9752c8a5a673b525632b
SHA256 e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e
SHA512 0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce

memory/1592-914-0x0000000000400000-0x000000000071B000-memory.dmp

C:\Program Files\Cheat Engine 7.5\autorun\alternateSpeedhack.LUA

MD5 459b793e0dc43a993f03d8b612f67cec
SHA1 f14ae9afbe97af534a11bf98ac1cc096269f1474
SHA256 e2cbb4c2f46305bb07d84222231012fd4c800fe8e1b43e0aa1af9b6c5d111f7f
SHA512 1740068e3419d153ecbd9d1a6aada20aabe71915e7422dce1a83e616e8d2a1084922a81741591a682531e1f8146e437d8688521c7707a4909e5721768a3f956e

memory/3592-921-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_comments.lua

MD5 0d4d1b597712015ef1b0ec8adc26495f
SHA1 3584779c06619f545b47a27703aa2f47455d50de
SHA256 89c8fccc16d2aa0a3004dc1b477a5c1dcbba539769b2a4558f7c7d9b9809b133
SHA512 ae26bbb2c3f74c143a01ec3b296a26699c679d51bc68c8c7b8c460616d1a0aa065500ebca83e972a720bd7a3c5a7b63a673eaecef1391a2e717208ef8da0796f

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_account.lua

MD5 0b5180bd64689788ebeaa8e705a264ac
SHA1 43a5cc401ee6c4ff4a94697112b1bc1d4345fc19
SHA256 8fd38a5e6c0408ca77e0e7a0ee179b4391758ec6da94ea289e3a2cbc1ab1ec59
SHA512 cc26e2e36b93bf89aa16c744b2db60d855de616db7a67f4fb24135545104459338c3edeab42bb316b1ecb0db9e31970b1415a1bf638ea3e53ae31471330aeadb

C:\Program Files\Cheat Engine 7.5\autorun\bigendian.lua

MD5 e76fcd2ecd5b956d4579a676aa3eea01
SHA1 49ecba5ccc531a40ad7805a126d38b44b4a36576
SHA256 0339ba0043af5c058cf3a19de9f90312d18f6bb2728f454ef403b531bd57ae42
SHA512 8443c213d4a626a358631f76a0cc4c106543ce58c94d34a96b88574b3e32ae742f28878b259a17823ca07ec521b06e32e572e7bc77e10951bc0984b07c0571c6

C:\Program Files\Cheat Engine 7.5\autorun\autosave.lua

MD5 40d6bfe593194cf938e19622a3c13a5e
SHA1 761257e8ef492431cf0e04dbca396fabb25fe1ae
SHA256 c4cef60489b067c8e7abcdd5594643a27d0720b21523753dd462d53024287116
SHA512 1d1aaa9de74b0bb08cc4ceced5dbfa4c589347eac098d7ae013d5a1beaae0eeaca4d314e2591560c6df14a93dd4e9316ca317d21efadcca57d11eee72f4c6e16

C:\Program Files\Cheat Engine 7.5\autorun\addtonewgroup.lua

MD5 3e20f1013fb48a67fe59bede7b8e341b
SHA1 8c8a4cb49c3b29db2c47f84aafd0416101722bfe
SHA256 96e4429192f9ab26f8bf9f9429f36b388aa69c3624781c61ea6df7e1bca9b49b
SHA512 99cf3f88c8b06da0dbe8085dee796bec7a9533990a55fbce7524a4f941b5ecf0e8ec975a4b032eb2aaabd116c0804995a75036c98a5e4058f25d78d08a11f3f2

memory/2912-925-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-926-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-928-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-929-0x0000000003630000-0x0000000003770000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bb9ec43635cba8cbebe54c26922a2171
SHA1 d9c56909742882ff252820fa2519772b09d68223
SHA256 70bd5e198084c681f4d0f4bb3180a32e70e3ec1d0fc69bbc9019673b72389d9a
SHA512 1e1f2e4f653dc61d372522467a6e4617c374b4870d593faeaf6157a52c1fffd22e5f3ad401d9d950182ec16d74f34a3126634c02d2d64ce241a9f6c95cf6fd31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ee25884d-632b-482c-8520-e15823cfb776.tmp

MD5 7aac37634f7bdb3e18e659efd1f7cf21
SHA1 9034ac94d9a3c326e6baa401b75239b0f3458caf
SHA256 2556b0141baa1fd15294914dbd8996ee91763a13062cf07d0192e53a85fa0ade
SHA512 9bebea429d1144e186699db8ce1d18f921f118c47cbc0767c07234364faf12496623df968b78fe075a5b26772a37572370f2e68e9eb0eced2cbf4eedd58ac586

memory/2912-953-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/2912-954-0x0000000003630000-0x0000000003770000-memory.dmp

memory/2912-965-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/5100-966-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7defe24c8871f776a34c3eef787ac96a
SHA1 4afd25b281bfc45b807e597603c46e01f0d04d58
SHA256 dac125ff8c424c8abe8e5d3eea7930f4adffb482cbf127119aef62f7b7963b54
SHA512 217ccc033f17408f4e033899a7f71b4b9424258989b9d407fbfada94a07ddcf6d7856497baf2773d0f2988f47f0fd5cf843286b46bb1cad6015bdd1adaec74b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36e8f1ccf7798cbf2022014677a4ecf5
SHA1 5afbc332421a7059bacc6beaa908d7a298c0971a
SHA256 aee71ad7df7d063a24076e2d6be7c8af764ca680b527e6dbc909d475dcf996df
SHA512 da0e8288c39a9c516014ac69abd61e7f4ea6657cd25d7ab9c1466f09ce04ef41ceafe81d01d49576574bca79d7d430a13158a73caabc2a694e06e4266bdca080

memory/1924-993-0x00000000008E0000-0x00000000008E1000-memory.dmp

memory/1664-997-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

memory/1924-1014-0x0000000000400000-0x000000000071B000-memory.dmp

memory/1664-1016-0x0000000000400000-0x000000000071B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cd554cc05384df6ce89c2905bfe98cbf
SHA1 95f389d917e58c01acdb24b2b3ed7b2aeb43043d
SHA256 5801c829449fad8fa58c6c0e7e948d8ee580977e19858067fc80c51f1b9032c3
SHA512 146edca93465dfa4c1f7f38380a1f036642506e1dc98134492931dd0e18fd9e6d10b0af372c2d8847b26228e9d5f5cbe9c4c609ea777d33d601e1240ce0be91f