Analysis
max time kernel: 135s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/02/2024, 17:24
Static task: static1
URLScan task: urlscan1
Signatures
Downloads MZ/PE file
Manipulates Digital Signatures (1 IoC)
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
description | ioc | Process
File opened for modification | C:\Windows\System32\WINTRUST.dll | cheatengine-x86_64-SSE4-AVX2.exe
Stops running service(s) (3 TTPs)
Executes dropped EXE (8 IoCs)
pid | Process
4292 | CheatEngine75.exe
3996 | CheatEngine75.exe
3940 | CheatEngine75.exe
3916 | CheatEngine75.tmp
2276 | CheatEngine75.tmp
5096 | CheatEngine75.tmp
1928 | CheatEngine75.exe
2032 | CheatEngine75.tmp
Loads dropped DLL (2 IoCs)
pid | Process
5096 | CheatEngine75.tmp
2276 | CheatEngine75.tmp
Modifies file permissions (1 TTP, 2 IoCs)
pid | Process
1372 | icacls.exe
3272 | icacls.exe
Checks for any installed AV software in registry (1 TTP, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed | CheatEngine75.tmp
Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed | CheatEngine75.tmp
Key opened | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\SOFTWARE\Avira\Browser\Installed | CheatEngine75.tmp
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory (64 IoCs)
Every entry in this signature has description "File opened for modification" and Process "cheatengine-x86_64-SSE4-AVX2.exe"; the ioc (file path) of each entry is listed below.
C:\Windows\system32\ncryptsslp.dll
C:\Windows\SYSTEM32\windows.ui.core.textinput.dll
C:\Windows\SYSTEM32\atlthunk.dll
C:\Windows\SYSTEM32\dcomp.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\WINTRUST.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\psapi.dll
C:\Windows\SYSTEM32\GLU32.dll
C:\Windows\SYSTEM32\webio.dll
C:\Windows\SYSTEM32\dxgi.dll
C:\Windows\SYSTEM32\winhttp.dll
C:\Windows\SYSTEM32\MSASN1.dll
C:\Windows\SYSTEM32\rometadata.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\System32\WS2_32.dll
C:\Windows\SYSTEM32\WindowManagementAPI.dll
C:\Windows\System32\msctf.dll
C:\Windows\system32\windowsudk.shellcommon.dll
C:\Windows\System32\twinapi.dll
C:\Windows\System32\combase.dll
C:\Windows\SYSTEM32\opengl32.dll
C:\Windows\SYSTEM32\winmm.dll
C:\Windows\SYSTEM32\wininet.dll
C:\Windows\SYSTEM32\TextShaping.dll
C:\Windows\SYSTEM32\NTASN1.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\SYSTEM32\ncrypt.dll
C:\Windows\SYSTEM32\uiautomationcore.dll
C:\Windows\SYSTEM32\Wldp.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\KERNEL32.DLL
C:\Windows\SYSTEM32\netutils.dll
C:\Windows\SYSTEM32\DEVOBJ.dll
C:\Windows\System32\fwpuclnt.dll
C:\Windows\SYSTEM32\d3d11.dll
C:\Windows\SYSTEM32\version.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\SYSTEM32\windows.staterepositorycore.dll
C:\Windows\SYSTEM32\SspiCli.dll
C:\Windows\SYSTEM32\WINNSI.DLL
C:\Windows\system32\schannel.DLL
C:\Windows\System32\cryptnet.dll
C:\Windows\SYSTEM32\wintypes.dll
C:\Windows\System32\bcrypt.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\SYSTEM32\d2d1.dll
C:\Windows\System32\Windows.UI.Immersive.dll
C:\Windows\system32\directmanipulation.dll
C:\Windows\SYSTEM32\CRYPTSP.dll
C:\Windows\System32\oleaut32.dll
C:\Windows\System32\ws2_32.dll
C:\Windows\SYSTEM32\msimg32.dll
C:\Windows\System32\clbcatq.dll
C:\Windows\SYSTEM32\profapi.dll
C:\Windows\System32\NSI.dll
C:\Windows\system32\mswsock.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\imm32.dll
C:\Windows\SYSTEM32\CoreMessaging.dll
C:\Windows\SYSTEM32\mskeyprotect.dll
C:\Windows\System32\twinapi.appcore.dll
Drops file in Program Files directory (64 IoCs)
Every entry in this signature has description "File opened for modification" and Process "cheatengine-x86_64-SSE4-AVX2.exe"; the ioc (file path) of each entry is listed below.
C:\Program Files\Cheat Engine 7.5\dll\cryptbase.pdb
C:\Program Files\Cheat Engine 7.5\TextShaping.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\XInput1_4.pdb
C:\Program Files\Cheat Engine 7.5\ncryptsslp.pdb
C:\Program Files\Cheat Engine 7.5\Windows.UI.Immersive.pdb
C:\Program Files\Cheat Engine 7.5\RoMetadata.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\shell32.pdb
C:\Program Files\Cheat Engine 7.5\OnDemandConnRouteHelper.pdb
C:\Program Files\Cheat Engine 7.5\dll\combase.pdb
C:\Program Files\Cheat Engine 7.5\dll\urlmon.pdb
C:\Program Files\Cheat Engine 7.5\dll\ntdll.pdb
C:\Program Files\Cheat Engine 7.5\kernel32.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\nsi.pdb
C:\Program Files\Cheat Engine 7.5\winnsi.pdb
C:\Program Files\Cheat Engine 7.5\webio.pdb
C:\Program Files\Cheat Engine 7.5\ntdll.pdb
C:\Program Files\Cheat Engine 7.5\LFS.pdb
C:\Program Files\Cheat Engine 7.5\dll\UxTheme.pdb
C:\Program Files\Cheat Engine 7.5\symbols\DLL\winnsi.pdb
C:\Program Files\Cheat Engine 7.5\atlthunk.pdb
C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\combase.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\webio.pdb
C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vccorlib140_app.DLL
C:\Program Files\Cheat Engine 7.5\dxgi.pdb
C:\Program Files\Cheat Engine 7.5\nsi.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\urlmon.pdb
C:\Program Files\Cheat Engine 7.5\msctf.pdb
C:\Program Files\Cheat Engine 7.5\dll\dbghelp.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\ntmarta.pdb
C:\Program Files\Cheat Engine 7.5\dll\bcrypt.pdb
C:\Program Files\Cheat Engine 7.5\dhcpcsvc6.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\sqlite3.pdb
C:\Program Files\Cheat Engine 7.5\dll\wininet.pdb
C:\Program Files\Cheat Engine 7.5\dll\tcc64-64.pdb
C:\Program Files\Cheat Engine 7.5\twinapi.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\dnsapi.pdb
C:\Program Files\Cheat Engine 7.5\UxTheme.pdb
C:\Program Files\Cheat Engine 7.5\dll\tcc64-32.pdb
C:\Program Files\Cheat Engine 7.5\rasadhlp.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\ntasn1.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\DUser.pdb
C:\Program Files\Cheat Engine 7.5\dll\oleaut32.pdb
C:\Program Files\Cheat Engine 7.5\ole32.pdb
C:\Program Files\Cheat Engine 7.5\dbghelp.pdb
C:\Program Files\Cheat Engine 7.5\dll\profapi.pdb
C:\Program Files\Cheat Engine 7.5\dpapi.pdb
C:\Program Files\Cheat Engine 7.5\dll\shlwapi.pdb
C:\Program Files\Cheat Engine 7.5\version.pdb
C:\Program Files\Cheat Engine 7.5\lua53-64.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\wininet.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\sspicli.pdb
C:\Program Files\Cheat Engine 7.5\dll\shell32.pdb
C:\Program Files\Cheat Engine 7.5\ocx\hhctrl.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\bcrypt.pdb
C:\Program Files\Cheat Engine 7.5\tcc64-32.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\LFS.pdb
C:\Program Files\Cheat Engine 7.5\dll\webio.pdb
C:\Program Files\Cheat Engine 7.5\RmClient.pdb
C:\Program Files\Cheat Engine 7.5\Windows.Graphics.pdb
C:\Program Files\Cheat Engine 7.5\shell32.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\imm32.pdb
C:\Program Files\Cheat Engine 7.5\Windows.StateRepositoryClient.pdb
C:\Program Files\Cheat Engine 7.5\symbols\dll\msvcp_win.pdb
Drops file in Windows directory (64 IoCs)
Every entry in this signature has description "File opened for modification" and Process "cheatengine-x86_64-SSE4-AVX2.exe". All 64 ioc paths lie below C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\; the part of each path after that prefix is listed below.
symbols\dll\RmClient.pdb
symbols\dll\Windows.Web.pdb
DLL\kernel32.pdb
symbols\dll\rpcrt4.pdb
Kernel.Appcore.pdb
profapi.pdb
symbols\dll\msvcrt.pdb
InputHost.pdb
symbols\dll\urlmon.pdb
symbols\dll\LayoutData.pdb
dll\Windows.Storage.ApplicationData.pdb
dll\bcryptprimitives.pdb
OneCoreUAPCommonProxyStub.pdb
symbols\dll\netutils.pdb
symbols\dll\profext.pdb
propsys.pdb
ucrtbase.pdb
vccorlib140_app.amd64.pdb
srvcli.pdb
symbols\dll\UiaManager.pdb
RoMetadata.pdb
sechost.pdb
symbols\dll\propsys.pdb
dll\d3d11.pdb
dll\profapi.pdb
symbols\dll\directmanipulation.pdb
gdi32.pdb
symbols\dll\CoreMessaging.pdb
dll\dcomp.pdb
dll\InputHost.pdb
dll\InputApp.pdb
win32u.pdb
dll\UxTheme.pdb
WinTypes.pdb
dll\CoreUIComponents.pdb
dll\cfgmgr32.pdb
symbols\dll\bcrypt.pdb
TextShaping.pdb
dcomp.pdb
dll\WindowManagementAPI.pdb
symbols\dll\Bcp47mrm.pdb
symbols\dll\DictationManager.pdb
msvcp_win.pdb
symbols\dll\win32u.pdb
dll\userenv.pdb
symbols\dll\shlwapi.pdb
symbols\dll\ntdll.pdb
symbols\dll\vcruntime140_app.amd64.pdb
symbols\dll\twinapi.pdb
dll\shcore.pdb
dll\Bcp47mrm.pdb
UiaManager.pdb
symbols\dll\policymanager.pdb
DLL\imm32.pdb
DWrite.pdb
symbols\dll\cryptbase.pdb
profext.pdb
InputApp.dll
TextInputHost.pdb
user32.pdb
dll\Windows.Graphics.pdb
dll\ws2_32.pdb
dll\iertutil.pdb
dll\Windows.StateRepositoryClient.pdb
Launches sc.exe (2 IoCs)
Sc.exe is a Windows utility to control services on the system.
pid | Process
460 | sc.exe
3896 | sc.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | CheatEngine75.tmp
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | CheatEngine75.tmp
Enumerates system info in registry (2 TTPs, 6 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531827928748847" | chrome.exe
Modifies registry class (12 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0" | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT | CheatEngine75.tmp
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine | CheatEngine75.tmp
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER | CheatEngine75.tmp
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command | CheatEngine75.tmp
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open | CheatEngine75.tmp
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" | CheatEngine75.tmp
NTFS ADS (1 IoC)
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 576183.crdownload:SmartScreen | msedge.exe
Runs net.exe
Runs regedit.exe (1 IoC)
pid | Process
2304 | regedit.exe
Script User-Agent (4 IoCs)
Uses user-agent string associated with script host/environment.
description | flow | ioc
HTTP User-Agent header | 98 | Cheat Engine 7.5 : luascript-ceshare
HTTP User-Agent header | 98 | Cheat Engine 7.5 : luascript-CEVersionCheck
HTTP User-Agent header | 88 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header | 91 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
2108 | msedge.exe
2108 | msedge.exe
544 | msedge.exe
544 | msedge.exe
836 | identity_helper.exe
836 | identity_helper.exe
3272 | msedge.exe
3272 | msedge.exe
2504 | chrome.exe
2504 | chrome.exe
Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
pid | Process
4972 | cheatengine-x86_64-SSE4-AVX2.exe
2304 | regedit.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
pid | Process
544 | msedge.exe (10 entries)
2504 | chrome.exe (3 entries)
Suspicious use of AdjustPrivilegeToken (30 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeTcbPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeTcbPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeLoadDriverPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeCreateGlobalPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeLockMemoryPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: 33 | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeSecurityPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeTakeOwnershipPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeManageVolumePrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeBackupPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeCreatePagefilePrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeShutdownPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeRestorePrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: 33 | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeIncBasePriorityPrivilege | 4972 | cheatengine-x86_64-SSE4-AVX2.exe
Token: SeShutdownPrivilege | 2504 | chrome.exe
Token: SeCreatePagefilePrivilege | 2504 | chrome.exe
(the preceding pair of chrome.exe entries repeats 7 times in total, 14 entries)
Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process (entries in report order; consecutive identical entries collapsed)
544 | msedge.exe (41 entries)
5096 | CheatEngine75.tmp
4972 | cheatengine-x86_64-SSE4-AVX2.exe
544 | msedge.exe
4972 | cheatengine-x86_64-SSE4-AVX2.exe (20 entries)
Suspicious use of SendNotifyMessage 48 IoCs
pid Process 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 544 msedge.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe 2504 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 544 wrote to memory of 4828 544 msedge.exe 59
PID 544 wrote to memory of 4828 544 msedge.exe 59
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 1964 544 msedge.exe 91
PID 544 wrote to memory of 2108 544 msedge.exe 90
PID 544 wrote to memory of 2108 544 msedge.exe 90
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
PID 544 wrote to memory of 1852 544 msedge.exe 92
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 1, PID 544)
  cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d1vdn3r1396bak.cloudfront.net/installer/14543666/5439265477959
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 4828)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df1046f8,0x7ff8df104708,0x7ff8df104718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 2108)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1964)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1852)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 4056)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1944)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (depth 2, PID 836)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (depth 2, PID 3600)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1932)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5372 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1340)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1380)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 976)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 708)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 4436)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 3272)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Users\Admin\Downloads\CheatEngine75.exe  (depth 2, PID 4292)
    cmd: "C:\Users\Admin\Downloads\CheatEngine75.exe"
    - Executes dropped EXE
    C:\Users\Admin\AppData\Local\Temp\is-3IQNH.tmp\CheatEngine75.tmp  (depth 3, PID 3916)
      cmd: "C:\Users\Admin\AppData\Local\Temp\is-3IQNH.tmp\CheatEngine75.tmp" /SL5="$7006A,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
      - Executes dropped EXE
  C:\Users\Admin\Downloads\CheatEngine75.exe  (depth 2, PID 3996)
    cmd: "C:\Users\Admin\Downloads\CheatEngine75.exe"
    - Executes dropped EXE
    C:\Users\Admin\AppData\Local\Temp\is-VGSTN.tmp\CheatEngine75.tmp  (depth 3, PID 2276)
      cmd: "C:\Users\Admin\AppData\Local\Temp\is-VGSTN.tmp\CheatEngine75.tmp" /SL5="$B01CA,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
      - Executes dropped EXE
      - Loads dropped DLL
  C:\Users\Admin\Downloads\CheatEngine75.exe  (depth 2, PID 3940)
    cmd: "C:\Users\Admin\Downloads\CheatEngine75.exe"
    - Executes dropped EXE
    C:\Users\Admin\AppData\Local\Temp\is-GTFGS.tmp\CheatEngine75.tmp  (depth 3, PID 5096)
      cmd: "C:\Users\Admin\AppData\Local\Temp\is-GTFGS.tmp\CheatEngine75.tmp" /SL5="$90218,29019897,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Checks for any installed AV software in registry
      - Checks processor information in registry
      - Suspicious use of FindShellTrayWindow
      C:\Users\Admin\AppData\Local\Temp\is-SADQB.tmp\CheatEngine75.exe  (depth 4, PID 1928)
        cmd: "C:\Users\Admin\AppData\Local\Temp\is-SADQB.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
        - Executes dropped EXE
        C:\Users\Admin\AppData\Local\Temp\is-O6UT5.tmp\CheatEngine75.tmp  (depth 5, PID 2032)
          cmd: "C:\Users\Admin\AppData\Local\Temp\is-O6UT5.tmp\CheatEngine75.tmp" /SL5="$10304,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-SADQB.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
          - Executes dropped EXE
          - Modifies registry class
          C:\Windows\SYSTEM32\net.exe  (depth 6, PID 440)
            cmd: "net" stop BadlionAntic
            C:\Windows\system32\net1.exe  (depth 7, PID 1156)
              cmd: C:\Windows\system32\net1 stop BadlionAntic
          C:\Windows\SYSTEM32\net.exe  (depth 6, PID 1996)
            cmd: "net" stop BadlionAnticheat
            C:\Windows\system32\net1.exe  (depth 7, PID 2464)
              cmd: C:\Windows\system32\net1 stop BadlionAnticheat
          C:\Windows\SYSTEM32\sc.exe  (depth 6, PID 460)
            cmd: "sc" delete BadlionAntic
            - Launches sc.exe
          C:\Windows\SYSTEM32\sc.exe  (depth 6, PID 3896)
            cmd: "sc" delete BadlionAnticheat
            - Launches sc.exe
          C:\Users\Admin\AppData\Local\Temp\is-N42CU.tmp\_isetup\_setup64.tmp  (depth 6, PID 4360)
            cmd: helper 105 0x3FC
          C:\Windows\system32\icacls.exe  (depth 6, PID 1372)
            cmd: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
            - Modifies file permissions
          C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe  (depth 6, PID 2932)
            cmd: "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
          C:\Program Files\Cheat Engine 7.5\windowsrepair.exe  (depth 6, PID 2872)
            cmd: "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
          C:\Windows\system32\icacls.exe  (depth 6, PID 3272)
            cmd: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
            - Modifies file permissions
      C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe  (depth 4, PID 3504)
        cmd: "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
        C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe  (depth 5, PID 4972)
          cmd: "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
          - Manipulates Digital Signatures
          - Drops file in System32 directory
          - Drops file in Program Files directory
          - Drops file in Windows directory
          - Suspicious behavior: GetForegroundWindowSpam
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of FindShellTrayWindow
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 4356)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 1928)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 2868)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2, PID 4600)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11180635178765676708,1679420859491356790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe  (depth 1, PID 1604)
  cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe  (depth 1, PID 3516)
  cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\regedit.exe  (depth 1, PID 2304)
  cmd: "C:\Windows\regedit.exe"
  - Runs regedit.exe
  - Suspicious behavior: GetForegroundWindowSpam
C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 1, PID 2504)
  cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3856)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8cfc29758,0x7ff8cfc29768,0x7ff8cfc29778
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 1624)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4272)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 1980)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 1896)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4648)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3064)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3596)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3360)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4056)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1868,i,8139720241757768167,9552369754478622847,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (depth 1, PID 368)
  cmd: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads