Analysis Overview
Threat Level: Likely malicious
The file https://www.cheatengine.org/downloads.php was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Stops running service(s)
Checks computer location settings
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Checks for any installed AV software in registry
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Modifies data under HKEY_USERS
Checks processor information in registry
Script User-Agent
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Runs net.exe
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-22 20:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-22 20:41
Reported: 2024-02-22 20:46
Platform: win10v2004-20240221-uk
Max time kernel: 258s
Max time network: 211s
Command Line
Signatures
Downloads MZ/PE file
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\Control Panel\International\Geo\Nation | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CheatEngine75.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-L1HQA.tmp\_isetup\_setup64.tmp | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\windowsrepair.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\unins000.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| N/A | N/A | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SYSTEM32\GLU32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNEL32.DLL | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\KERNELBASE.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\win32u.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\advapi32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shell32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\comdlg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\bcryptPrimitives.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ole32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\shcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\SHLWAPI.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\opengl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\msimg32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\version.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\kernel.appcore.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\apphelp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\oleaut32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ucrtbase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\RPCRT4.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcrt.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\psapi.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\clbcatq.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\MSCTF.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\user32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\sechost.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\PROPSYS.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\GDI32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\hhctrl.ocx | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\Wldp.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\msvcp_win.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\ws2_32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\uxtheme.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\gdi32full.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\imm32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wininet.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\System32\combase.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\wsock32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\winmm.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\system32\explorerframe.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\windows.storage.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\sechost.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-V85GM.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\sec_api\is-GA2O2.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\languages\is-6B6N5.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-EOIQ6.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-VC4KD.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-5HT9K.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\kernelbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\libipt-32.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-AT83Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-N989P.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\sys\is-KDLNV.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\is-MQAEI.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\badassets\is-4LCTT.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\ntmarta.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-OEAUD.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-5JMJO.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-8DL0M.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\oleaut32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\ucrtbase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\Kernel.Appcore.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\Windows.Storage.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\winapi\is-G3ED3.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-DAAS2.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\is-RUFQV.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-MEGF1.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\shlwapi.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-C9NL5.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\webio.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\plugins\is-35TR2.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\wsock32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\win32\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-LUH11.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-P3FDL.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\ole32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\propsys.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\crypt32.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dll\webio.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\sys\is-ML91V.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-M1JNQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\is-R55LK.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector\is-TQS4U.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\lua53-64.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\sec_api\is-8ULEE.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-DEEEI.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-FEJED.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\devobj.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\dhcpcsvc.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\d3dhook.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\is-J7TQR.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\winapi\is-QOKFR.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-4F27Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\symbols\dll\combase.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-EJH6E.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\include\is-OCL66.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\is-G2QGD.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File created | C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\is-TL9TM.tmp | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\rpcrt4.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| File opened for modification | C:\Program Files\Cheat Engine 7.5\DLL\dhcpcsvc.pdb | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll | C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "97" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531081112625001" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0" | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open | C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine | C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp | N/A |
Runs net.exe
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
| HTTP User-Agent header | Cheat Engine 7.5 : luascript-ceshare | N/A | N/A |
| HTTP User-Agent header | Cheat Engine 7.5 : luascript-CEVersionCheck | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cheatengine.org/downloads.php
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91a0b9758,0x7ff91a0b9768,0x7ff91a0b9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4788 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4852 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3748 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3904 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5764 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5032 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6776 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6812 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Users\Admin\Downloads\CheatEngine75.exe
"C:\Users\Admin\Downloads\CheatEngine75.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp
"C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp" /SL5="$50240,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe
"C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp" /SL5="$10270,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAntic
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAntic
C:\Windows\SYSTEM32\net.exe
"net" stop BadlionAnticheat
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop BadlionAnticheat
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAntic
C:\Windows\SYSTEM32\sc.exe
"sc" delete BadlionAnticheat
C:\Users\Admin\AppData\Local\Temp\is-L1HQA.tmp\_isetup\_setup64.tmp
helper 105 0x480
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
C:\Windows\system32\icacls.exe
"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Cheat Engine 7.5\unins000.exe
"C:\Program Files\Cheat Engine 7.5\unins000.exe"
C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp
"C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp" /SECONDPHASE="C:\Program Files\Cheat Engine 7.5\unins000.exe" /FIRSTPHASEWND=$2031E
C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 --field-trial-handle=1896,i,2357582354941181564,3530339545966035160,131072 /prefetch:2
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa396f055 /state1:0x41c64e6d
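The process list above is the useful part of this report: a signed Inno Setup chain (the `is-*.tmp` directories and the `/SL5=` second-stage switch, which carries the parent installer's path) that spawns a nested installer with `/VERYSILENT`, stops and deletes two services through `net.exe`/`net1.exe` and `sc.exe`, and grants `*S-1-15-2-1` (the ALL APPLICATION PACKAGES capability SID) read/execute on the install directory with `icacls`. The following Python script is an added example, not the sandbox's or Cheat Engine's own code: it splits each reported command line the way Windows would (double quotes group, nothing else is special in sandbox output) and lists those actions by rule. The sample command lines are copied from the list above; the rule names and the findings layout are this example's own choices.

```python
"""Triage the command lines a sandbox reported for an installer chain.

Added example, not part of the report.  Flags service stop/delete via
net.exe, net1.exe and sc.exe, ACL grants via icacls, Inno Setup second-stage
stubs (/SL5=) and silent nested installers.  Rule names are this example's.
"""
import ntpath
from collections import defaultdict

# Constructed input: command lines copied from the Processes section.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\Downloads\CheatEngine75.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp" /SL5="$50240,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST',
    r'"net" stop BadlionAntic',
    r'C:\Windows\system32\net1 stop BadlionAnticheat',
    r'"sc" delete BadlionAnticheat',
    r'"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)',
    r'"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP',
]

# Well-known capability SID; any other principal is reported verbatim.
KNOWN_SIDS = {"*S-1-15-2-1": "ALL APPLICATION PACKAGES"}


def split_windows_cmdline(cmdline: str) -> list[str]:
    """Whitespace-separated tokens; double quotes group and are dropped.
    Backslashes are taken literally, which is how paths appear in sandbox
    output (no escape processing is needed or wanted here)."""
    args, cur, in_quotes, have_token = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            have_token = True
        elif ch.isspace() and not in_quotes:
            if have_token:
                args.append("".join(cur))
                cur, have_token = [], False
        else:
            cur.append(ch)
            have_token = True
    if have_token:
        args.append("".join(cur))
    return args


def image_name(arg0: str) -> str:
    """'C:\\Windows\\system32\\net1' -> 'net1'; 'sc' stays 'sc'."""
    name = ntpath.basename(arg0).lower()
    return name[:-4] if name.endswith(".exe") else name


def triage(cmdline: str) -> list[tuple[str, str]]:
    """Return (rule, target) findings for one command line."""
    args = split_windows_cmdline(cmdline)
    if not args:
        return []
    image, lower = image_name(args[0]), [a.lower() for a in args]
    findings = []
    if image in ("net", "net1") and len(args) >= 3 and lower[1] == "stop":
        findings.append(("service_stop", args[2]))
    if image == "sc" and len(args) >= 3 and lower[1] in ("stop", "delete"):
        findings.append(("service_" + lower[1], args[2]))
    if image == "icacls":
        for i, tok in enumerate(lower):
            if tok == "/grant" and i + 1 < len(args):
                sid = args[i + 1].split(":", 1)[0]          # '*S-1-15-2-1'
                label = KNOWN_SIDS.get(sid, "unknown principal")
                findings.append(("acl_grant", f"{label} ({sid})"))
    for tok in args[1:]:
        if tok.lower().startswith("/sl5="):
            # /SL5="$hwnd,offset,size,parent": parent path follows the third comma
            findings.append(("inno_second_stage", tok[5:].split(",", 3)[-1]))
    if any(tok in ("/verysilent", "/silent") for tok in lower[1:]):
        findings.append(("silent_install", ntpath.basename(args[0])))
    return findings


def triage_all(cmdlines) -> dict[str, list[str]]:
    """Group findings by rule, preserving the order of the report."""
    grouped = defaultdict(list)
    for line in cmdlines:
        for rule, target in triage(line):
            grouped[rule].append(target)
    return dict(grouped)


if __name__ == "__main__":
    for rule, targets in triage_all(SAMPLE_CMDLINES).items():
        print(f"{rule:20s} {', '.join(targets)}")
```

Run against the sample it reports two service stops, one service deletion, one ACL grant to ALL APPLICATION PACKAGES, the parent path carried by the `/SL5=` stub and one silent nested installer; `Kernelmoduleunloader.exe /SETUP` produces nothing because the rules here only cover the four behaviours named above. Note that the nested `/VERYSILENT` installer is the one extracted next to `zbShieldUtils.dll` and the RAV, WebAdvisor and Opera PNGs listed under Files, which is the part of the chain worth reviewing before trusting the "Likely malicious" verdict either way.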
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
| US | 104.20.175.30:443 | www.cheatengine.org | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | c6.patreon.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.freeware.de | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 104.16.6.49:443 | c6.patreon.com | tcp |
| DE | 89.31.143.90:443 | www.freeware.de | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.175.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.patreon.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c5.patreon.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.6.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.143.31.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 104.16.6.49:443 | c5.patreon.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | d1vdn3r1396bak.cloudfront.net | udp |
| DE | 52.222.190.142:443 | d1vdn3r1396bak.cloudfront.net | tcp |
| DE | 52.222.190.142:443 | d1vdn3r1396bak.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.190.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.92.85.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 20.231.121.79:80 | N/A | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1zlukw2pqueen.cloudfront.net | udp |
| DE | 54.230.55.64:443 | d1zlukw2pqueen.cloudfront.net | tcp |
| DE | 54.230.55.64:443 | d1zlukw2pqueen.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 64.55.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cheatengine.org | udp |
| US | 104.20.175.30:443 | cheatengine.org | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons3.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.214.133.66:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.152:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 66.133.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.128.123.92.in-addr.arpa | udp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | udp |
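Most of the table above is the analysis VM's browser talking to Google, Bing and Patreon, plus resolver traffic to 8.8.8.8 and PTR (`in-addr.arpa`) lookups that only name addresses already contacted. Two rows deserve a second look: `224.0.0.251:5353` is mDNS, and `20.231.121.79:80` is the only endpoint contacted with no name resolved; the report gives nothing further on it. The UDP rows to port 443 are browser QUIC sessions rather than installer traffic. The following Python script is an added example, not part of the report: it parses rows in this table's format, separates resolver queries, PTR lookups, multicast and name-less endpoints from the real connections, and deduplicates repeats. The sample rows are copied from the table (one is written column-shifted, Proto in the Domain column, to show the parser tolerating the shape extraction sometimes produces); the bucket names are this example's own.

```python
"""Bucket a sandbox network table for review.  Added example, not the
sandbox's own code.  Buckets: dns_query, ptr_lookup, multicast, unresolved
(contacted without any name), connection (deduplicated)."""
import ipaddress

# Constructed input: rows copied from the Network section, plus one
# deliberately column-shifted row (Proto in the Domain column).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.cheatengine.org | udp |
| US | 104.20.175.30:443 | www.cheatengine.org | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 20.231.121.79:80 | | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | udp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
"""


def ptr_to_ip(name: str) -> str:
    """'234.179.250.142.in-addr.arpa' -> '142.250.179.234' (IPv4 PTR names)."""
    octets = name.lower().removesuffix(".in-addr.arpa").split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 PTR name: {name}")
    return ".".join(reversed(octets))


def parse_row(line: str):
    """Return (ip, port, domain_or_None, proto), or None for non-data lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    _country, dest, domain, proto = cells
    if domain.lower() in ("tcp", "udp") and proto == "":   # shifted row
        domain, proto = "", domain
    host, sep, port = dest.rpartition(":")
    if not sep or not port.isdigit():
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                                     # header row etc.
        return None
    domain = domain if domain not in ("", "N/A") else None
    return ip, int(port), domain, proto.lower()


def bucket_rows(table_text: str) -> dict[str, list]:
    kinds = ("dns_query", "ptr_lookup", "multicast", "unresolved", "connection")
    buckets = {k: [] for k in kinds}
    seen = set()

    def add(kind, item):
        if (kind, item) not in seen:          # dedupe, keep first-seen order
            seen.add((kind, item))
            buckets[kind].append(item)

    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        ip, port, domain, proto = row
        endpoint = f"{ip}:{port}/{proto}"
        if ip.is_multicast:
            add("multicast", endpoint)
        elif port == 53 and domain:
            if domain.lower().endswith(".in-addr.arpa"):
                add("ptr_lookup", ptr_to_ip(domain))
            else:
                add("dns_query", domain.lower())
        elif domain:
            add("connection", (domain.lower(), f"{ip}:{port}", proto))
        else:
            add("unresolved", endpoint)      # contacted with no name resolved
    return buckets


if __name__ == "__main__":
    for kind, items in bucket_rows(SAMPLE_ROWS).items():
        print(f"{kind:12s} {items}")
```

On the full table the `unresolved` bucket is what to chase first, then `connection` entries whose domain is not attributable to the browser or the page being visited; the `ptr_lookup` bucket is only useful to confirm which addresses the VM resolved back, since it adds no destinations of its own.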
Files
\??\pipe\crashpad_2500_CZRHUCGZFMQIZPFA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9209224a5e97b6a5da5ffa4555646118 |
| SHA1 | 9307155a661b69c23c134d52e74139c9388349eb |
| SHA256 | 6e6d0f9c62a7bb7d6e6f67558c65d5dbfeab98c29b13e5c3477b67676f246822 |
| SHA512 | b375dc2d4db1d12ac0ea96b392dfe9c0441b69225b25ab65225960368620321cf909203e78906e50b0a911408de8a47eeeb8dfb9738ea8abeb2b7114a7da88dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4412cbdb00bbeda05892e773bfc497da |
| SHA1 | 2bb667a9d37b6f70c01046f5f715b9e5dc8eaa8f |
| SHA256 | eaebdaa975ccb747799d934754765a20bb472cce64a0c4d9ff7da862ee4a0952 |
| SHA512 | 7c6e5b8bbe4359140c83a8513897f05c0dd77e13f290b30d0de07ffbb2f4791de6f6868216a453b915a84136955e0ec6ad01568911668c3b586a7cb09ccf23d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abf4c15d886059e167efa067ebf40b0d |
| SHA1 | 2fa6d89ee9f7308ac8d0bb9042760b321cea443c |
| SHA256 | 9f316d52519c6adf1e5ba6280765396e69e8798b8f23d54de94141638a80650f |
| SHA512 | 51c13b021118f17ad3dc65a4408c709c62523adb332c9ef9c17345047cded6cee5f6743dcd61a7d52c90cc921ab9171c9ce8b9dd50ed6a5e308e5d938e47a543 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3d7556432e72d6f4fddac54f18947d59 |
| SHA1 | 3a54e008a2445217f246876e039656416e892108 |
| SHA256 | 9773923a8ddeabeb1091dd47d6067b902b654922ef41a72b59fc7ad554704fd8 |
| SHA512 | aa4be71b406b8a01ebb6ea201613548202416639fb9c57f3f9dbeb6f8392f0e9cd01eef82bce4116ae45067e181e8b87f64f19639acfcf1300a747e4882c3812 |
C:\Users\Admin\Downloads\CheatEngine75.exe
| MD5 | bd08f41ab8c972b822c4168146cc7f85 |
| SHA1 | f5b6eb541c01378bb3aa2876d5e4152aede74c07 |
| SHA256 | f4caa29bfbd76c368bfc5ec0aec9624050e76a3e03605489720f73969311ae21 |
| SHA512 | 09a0c48dc891e7bba81d99a50d65c9e5badfc69dfc52f7b093d1d98e32f03df1a43623ae2147062ace3fc8c10863131de201d19a23ba47bc9cb394c025799fdc |
C:\Users\Admin\Downloads\CheatEngine75.exe
| MD5 | 9e0d0f2143ab1dba54a864c3b408bc4a |
| SHA1 | 9c988770379cfa30fea4229cf3d5057ea6e494ca |
| SHA256 | c811ab0b546f4123c335aadc9d95fad5ce73bbe173dfe6b98375851c982f0414 |
| SHA512 | bbd48c38166e3124506f3c544fc956e558a103d3accaabb3fe1f1d0a97f36e410c2fbe37391ce54c0463cbec223c7bd834737a2e1512170eafa1ef5e60725347 |
C:\Users\Admin\Downloads\CheatEngine75.exe
| MD5 | 81a9fc0754871ed63b5ff2a89f1522a4 |
| SHA1 | f9c84b3ea5473a35b4bc295fd3c9f4f6d0753199 |
| SHA256 | 82821b67081fab74fcd73627481768309f1f0858fcd606cebc935cf3a0529012 |
| SHA512 | 615d05b0d6c7e9399e4c00f72aa2f8344dd89d9c6642a7af80c60cf701a7c39c0638e4f1ff9a1618005319f5dbe4f739c7b8f372a94c0717a2d499898bc9294d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | df7cb5a22eb491d7cd6a4bff1e1a0d60 |
| SHA1 | 98b5296d8aa8a561fbcb58673b562b04f5a8c2ec |
| SHA256 | ec8a60be6a7e67096534cd376b48f7b6e813449027da667791d86907db10beda |
| SHA512 | 6e8c7f7e5851f6b6ddf10033c0d4429346ad9d3ae899f1adaaeb665195a412b63166dc0ca28149dfb23a935f837dd03232bfa0ada7b7aecd3c68a52c4394698d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 98004270a5a7c38161ec03e9cacdf879 |
| SHA1 | 145ebcacc42fbaa549d82a6dd764d13342c30c88 |
| SHA256 | 91fa104efcf12d92b2ba8b7aa6b26d4ead3c20bb2169878db91e7ec30d2a775b |
| SHA512 | e01eb769b96c4a0cc6b31ad64605fced9a8e725c1105c79649076733055a044be722f255a05fa119f155faf01b6e9e4fff1da189aeeede2a7bf3bed04a6cfae0 |
memory/5100-180-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp
| MD5 | 7129f8621edfe8fadf493a03b8a5184b |
| SHA1 | 70b0680e4774f385d73a62364607c007cbe7ca79 |
| SHA256 | 73321d725a8fba21f3a80a03eb672835292d35a615372abed503ae7eae7b6ea4 |
| SHA512 | a288a887c21dd84868a74e50f086f6e75a593cafee96b4e3856e3a62c21c685f8762dd55c9a9fb586c4158e4ad7e7dcc6ec8d04d0b99b81d8401ee6261534ff8 |
C:\Users\Admin\AppData\Local\Temp\is-E8KUQ.tmp\CheatEngine75.tmp
| MD5 | 655998981d3bda8f12790eb94b17b20e |
| SHA1 | 987b0deea8b5d8d248c013efb21d60a1b3d7a8d3 |
| SHA256 | 1ceec8e5f022913c2106aabbe22bbe07f627cef9df69fcea2b6b9702426d7c90 |
| SHA512 | cf8f81f118932a7baf9288a1d20a6aed2ba346ca6e0c0891d442398ed82371beedc2d19fb236fe341fa0e469be8ba43493dadefb4a8510b04696112f1743c8d2 |
memory/2912-186-0x00000000026F0000-0x00000000026F1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 14addf3155d24666005275efe7cd0a57 |
| SHA1 | c048cd20bee6170130241a308e52f0450c9a2249 |
| SHA256 | 182f28e5ef92b5fbd1bdf44b9ce2484ff45edaaae7a7276b5f6e9f21d4f244ce |
| SHA512 | 11c30804bfcf7cc0fa5152f5e8475b0e3dbcebd7fb0fd8687e13e8a836f5025c1f6e9e362fa6d0ea6f614e57a47ab5cfddee9822d06b9e8a13f2d258336c39d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57efde.TMP
| MD5 | da983df3b7a0752e45701120f804217a |
| SHA1 | 081c6f5c1945c1f8429c1126ee694af0d7401a32 |
| SHA256 | afb2f4921b48ec9fcc3abe3e25cfbac4fd0b43cff104d70808fb09efae4a3ba8 |
| SHA512 | bdb673a93e7361d34e5b0d3a81b76590cdb583be66cbddf29229304e5e9c4aa6246b2ad4656b73071f65da2b8cdcf07119fdb6481c87ffa519b9a3b69388ca80 |
memory/5100-198-0x0000000000400000-0x00000000004CC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\zbShieldUtils.dll
| MD5 | b83f5833e96c2eb13f14dcca805d51a1 |
| SHA1 | 9976b0a6ef3dabeab064b188d77d870dcdaf086d |
| SHA256 | 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401 |
| SHA512 | 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb |
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\logo.png
| MD5 | 1df360d73bf8108041d31d9875888436 |
| SHA1 | c866e8855d62f56a411641ece0552e54cbd0f2fb |
| SHA256 | c1b1d7b4806955fe39a8bc6ce5574ab6ac5b93ad640cecfebe0961360c496d43 |
| SHA512 | 3991b89927d89effca30cc584d5907998c217cf00ca441f2525ef8627ffff2032d104536f8b6ab79b83f4e32a7aab993f45d3930d5943cbfb5e449c5832abe14 |
memory/2912-227-0x0000000003630000-0x0000000003770000-memory.dmp
memory/2912-228-0x0000000003630000-0x0000000003770000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\RAV_Cross.png
| MD5 | 5521662b178569ab52d6880a1faa8e95 |
| SHA1 | 62a6bad33b1bbd84aeb252be0680a07e6f93175d |
| SHA256 | 0232788928f14e3452016edb1af8a9decf37c0e6004f26cea3300b76dee645d3 |
| SHA512 | cbb9b36d09121d3e7948567b72ab4335fd6c8f0d4b2063878beadc8d3f5025fcb56d04e62386f6ed698153b9249131d986a826786981def1bb9e2fc01948c36c |
memory/2912-232-0x0000000003630000-0x0000000003770000-memory.dmp
memory/2912-233-0x0000000000400000-0x00000000006EE000-memory.dmp
memory/2912-234-0x0000000003630000-0x0000000003770000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\WebAdvisor.png
| MD5 | 68dba223cf90bea8f73a12bf024498ae |
| SHA1 | c047063530956e8294a6947946587be58d07e21f |
| SHA256 | e54730e552186e2b59888a96a7b3784d759e7c8c6601f708d310f070abe89d5a |
| SHA512 | 8b69288da171dc853ffdd1dac925b7416498b5da9bc91db44ff2063ac7a991d814366eef74a04171f760a80b704e120e903f51b4595eb119c60f0bf78c398a51 |
memory/2912-238-0x0000000003630000-0x0000000003770000-memory.dmp
memory/2912-239-0x0000000003630000-0x0000000003770000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\Opera_new.png
| MD5 | df3a8146855b69ff6b41cb17a70ec306 |
| SHA1 | 7180aed1bce08399f086aca0996a7da807431552 |
| SHA256 | ed7ef8a251494d3e39ff3d1632bc01a90ecc723d5e838dbaa7a3612580cef321 |
| SHA512 | 9f5c907fab39f5564efa2774e8a4f317835a35f64b6a2e03ba380803604529a17d80f89279490a8ce2752ecd2f42709835791ee23ca6d45dbb9c768ccb26bc3c |
memory/2912-243-0x0000000003630000-0x0000000003770000-memory.dmp
memory/2912-245-0x0000000003630000-0x0000000003770000-memory.dmp
memory/2912-246-0x0000000000400000-0x00000000006EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe
| MD5 | ae696147a3f0e72bff1b029b00cf1459 |
| SHA1 | 3093a57f2c22bb915d63f31be012621e558ba7be |
| SHA256 | 97a2003401bdcd8b7e6984af092708af9a0eb7844345ceeaf2415c96645905b9 |
| SHA512 | 13926a592c8dc7d17cb19b6b0affb5c6a9a22dfe52b10cb2fb0632cb8875cb8dfbae3a61fd90c7e5744e8e703aa86a26a85e16c1ad62a1ab4da175741020d451 |
C:\Users\Admin\AppData\Local\Temp\is-GEHCT.tmp\CheatEngine75.exe
| MD5 | 52da770a0f3d6daae1fa6eff9cbdfef4 |
| SHA1 | de2843595ce02d87d9950d72c3cfb7a220f357ef |
| SHA256 | 55408a1a7f71207c4f08dc54ae2f165939ba5c333a2dd98643de6409e897fc12 |
| SHA512 | 82f7af6f6da85dd0e1ddc106a19c440cbf8ec4ab94342d3f15f13e821fe15e0a597f20ba2cadf581af0365a9ea26f50fcd5c8f36eaaf85d09e01d7d2c4a0ce8b |
memory/2912-253-0x00000000026F0000-0x00000000026F1000-memory.dmp
memory/3592-252-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp
| MD5 | 0add6967280653b9ba99d2ea45b3055a |
| SHA1 | 9d7488cf8b7ee223ea4421fd2360f6341d236352 |
| SHA256 | b886aaedcac83a2b8abc1a23061bcb07ec35b8baf30317811741866f7d804686 |
| SHA512 | ce972f98878e8c14ed3332309eb40974b25e33042173557617325ecb26cf5ab469dcd1a2a1c38844f7637a5fb5255663b18e267798333b4883e621f32bd403ac |
C:\Users\Admin\AppData\Local\Temp\is-BIL5N.tmp\CheatEngine75.tmp
| MD5 | 9aa2acd4c96f8ba03bb6c3ea806d806f |
| SHA1 | 9752f38cc51314bfd6d9acb9fb773e90f8ea0e15 |
| SHA256 | 1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb |
| SHA512 | b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d |
memory/1592-261-0x00000000008F0000-0x00000000008F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-L1HQA.tmp\_isetup\_setup64.tmp
| MD5 | e4211d6d009757c078a9fac7ff4f03d4 |
| SHA1 | 019cd56ba687d39d12d4b13991c9a42ea6ba03da |
| SHA256 | 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95 |
| SHA512 | 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e |
C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
| MD5 | 9a4d1b5154194ea0c42efebeb73f318f |
| SHA1 | 220f8af8b91d3c7b64140cbb5d9337d7ed277edb |
| SHA256 | 2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363 |
| SHA512 | 6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b |
C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll
| MD5 | 6e00495955d4efaac2e1602eb47033ee |
| SHA1 | 95c2998d35adcf2814ec7c056bfbe0a0eb6a100c |
| SHA256 | 5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9 |
| SHA512 | 2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866 |
C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll
| MD5 | 19b2050b660a4f9fcb71c93853f2e79c |
| SHA1 | 5ffa886fa019fcd20008e8820a0939c09a62407a |
| SHA256 | 5421b570fbc1165d7794c08279e311672dc4f42cb7ae1cbddcd7eea0b1136fff |
| SHA512 | a93e47387ab0d327b71c3045b3964c7586d0e03dddb2e692f6671fb99659e829591d5f23ce7a95683d82d239ba7d11fb5a123834629a53de5ce5dba6aa714a9a |
C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll
| MD5 | e9b5905d495a88adbc12c811785e72ec |
| SHA1 | ca0546646986aab770c7cf2e723c736777802880 |
| SHA256 | 3eb9cd27035d4193e32e271778643f3acb2ba73341d87fd8bb18d99af3dffdea |
| SHA512 | 4124180b118149c25f8ea8dbbb2912b4bd56b43f695bf0ff9c6ccc95ade388f1be7d440a791d49e4d5c9c350ea113cf65f839a3c47d705533716acc53dd038f8 |
C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll
| MD5 | 8d487547f1664995e8c47ec2ca6d71fe |
| SHA1 | d29255653ae831f298a54c6fa142fb64e984e802 |
| SHA256 | f50baf9dc3cd6b925758077ec85708db2712999b9027cc632f57d1e6c588df21 |
| SHA512 | 79c230cfe8907df9da92607a2c1ace0523a36c3a13296cb0265329208edc453e293d7fbedbd5410decf81d20a7fe361fdebddadbc1dc63c96130b0bedf5b1d8a |
C:\Program Files\Cheat Engine 7.5\allochook-i386.dll
| MD5 | 19d52868c3e0b609dbeb68ef81f381a9 |
| SHA1 | ce365bd4cf627a3849d7277bafbf2f5f56f496dc |
| SHA256 | b96469b310ba59d1db320a337b3a8104db232a4344a47a8e5ae72f16cc7b1ff4 |
| SHA512 | 5fbd53d761695de1dd6f0afd0964b33863764c89692345cab013c0b1b6332c24dcf766028f305cc87d864d17229d7a52bf19a299ca136a799053c368f21c8926 |
C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll
| MD5 | daa81711ad1f1b1f8d96dc926d502484 |
| SHA1 | 7130b241e23bede2b1f812d95fdb4ed5eecadbfd |
| SHA256 | 8422be70e0ec59c962b35acf8ad80671bcc8330c9256e6e1ec5c07691388cd66 |
| SHA512 | 9eaa8e04ad7359a30d5e2f9256f94c1643d4c3f3c0dff24d6cd9e31a6f88cb3b470dd98f01f8b0f57bb947adc3d45c35749ed4877c7cbbbcc181145f0c361065 |
C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll
| MD5 | 9f50134c8be9af59f371f607a6daa0b6 |
| SHA1 | 6584b98172cbc4916a7e5ca8d5788493f85f24a7 |
| SHA256 | dd07117ed80546f23d37f8023e992de560a1f55a76d1eb6dfd9d55baa5e3dad6 |
| SHA512 | 5ccafa2b0e2d20034168ee9a79e8efff64f12f5247f6772815ef4cb9ee56f245a06b088247222c5a3789ae2dcefadbc2c15df4ff5196028857f92b9992b094e0 |
C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll
| MD5 | dd71848b5bbd150e22e84238cf985af0 |
| SHA1 | 35c7aa128d47710cfdb15bb6809a20dbd0f916d8 |
| SHA256 | 253d18d0d835f482e6abbaf716855580eb8fe789292c937301e4d60ead29531d |
| SHA512 | 0cbf35c9d7b09fb57d8a9079eab726a3891393f12aee8b43e01d1d979509e755b74c0fb677f8f2dfab6b2e34a141f65d0cfbfe57bda0bf7482841ad31ace7790 |
C:\Program Files\Cheat Engine 7.5\winhook-i386.dll
| MD5 | de625af5cf4822db08035cc897f0b9f2 |
| SHA1 | 4440b060c1fa070eb5d61ea9aadda11e4120d325 |
| SHA256 | 3cdb85ee83ef12802efdfc9314e863d4696be70530b31e7958c185fc4d6a9b38 |
| SHA512 | 19b22f43441e8bc72507be850a8154321c20b7351669d15af726145c0d34805c7df58f9dc64a29272a4811268308e503e9840f06e51ccdcb33afd61258339099 |
C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll
| MD5 | f9c562b838a3c0620fb6ee46b20b554c |
| SHA1 | 5095f54be57622730698b5c92c61b124dfb3b944 |
| SHA256 | e08b035d0a894d8bea64e67b1ed0bce27567d417eaaa133e8b231f8a939e581d |
| SHA512 | a20bc9a442c698c264fef82aa743d9f3873227d7d55cb908e282fa1f5dcff6b40c5b9ca7802576ef2f5a753fd1c534e9be69464b29af8efec8b019814b875296 |
C:\Program Files\Cheat Engine 7.5\libipt-32.dll
| MD5 | df443813546abcef7f33dd9fc0c6070a |
| SHA1 | 635d2d453d48382824e44dd1e59d5c54d735ee2c |
| SHA256 | d14911c838620251f7f64c190b04bb8f4e762318cc763d993c9179376228d8ca |
| SHA512 | 9f9bea9112d9db9bcecfc8e4800b7e8032efb240cbbddaf26c133b4ce12d27b47dc4e90bc339c561714bc972f6e809b2ec9c9e1facc6c223fbac66b089a14c25 |
C:\Program Files\Cheat Engine 7.5\libipt-64.dll
| MD5 | 4a3b7c52ef32d936e3167efc1e920ae6 |
| SHA1 | d5d8daa7a272547419132ddb6e666f7559dbac04 |
| SHA256 | 26ede848dba071eb76c0c0ef8e9d8ad1c53dfab47ca9137abc9d683032f06ebb |
| SHA512 | 36d7f8a0a749de049a830cc8c8f0d3962d8dce57b445f5f3c771a86dd11aaa10da5f36f95e55d3dc90900e4dbddd0dcc21052c53aa11f939db691362c42e5312 |
C:\Program Files\Cheat Engine 7.5\d3dhook.dll
| MD5 | 2a2ebe526ace7eea5d58e416783d9087 |
| SHA1 | 5dabe0f7586f351addc8afc5585ee9f70c99e6c4 |