hxxps://dl1[.]filesoul[.]com/c064261d2c912zalmo237f3ac48f6d2f8dd8f15091fb029f1867/Cheat-Engine-6-4[.]exe

Analysis

max time kernel
87s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dl1.filesoul.com/c064261d2c912zalmo237f3ac48f6d2f8dd8f15091fb029f1867/Cheat-Engine-6-4.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	Cheat Engine.exe

Executes dropped EXE 6 IoCs

pid	Process
1032	Cheat-Engine-6-4.exe
1328	Cheat-Engine-6-4.tmp
2592	Kernelmoduleunloader.exe
2620	ceregreset.exe
2788	Cheat Engine.exe
4372	cheatengine-x86_64.exe

Loads dropped DLL 3 IoCs

pid	Process
1328	Cheat-Engine-6-4.tmp
1616	RunDll32.exe
4372	cheatengine-x86_64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\imm32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\version.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\uxtheme.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\bcryptPrimitives.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\gdi32full.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\oleaut32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\imagehlp.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\apphelp.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\user32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\shell32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\ws2_32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\opengl32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\psapi.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\clbcatq.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\explorerframe.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\profapi.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\RPCRT4.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\KERNELBASE.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\advapi32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\msvcrt.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\sechost.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\comdlg32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\GLU32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\msimg32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\KERNEL32.DLL	cheatengine-x86_64.exe
File opened for modification	C:\Windows\system32\shfolder.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\Wldp.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\PROPSYS.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\kernel.appcore.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\SHLWAPI.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\windows.storage.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\MSCTF.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\msvcp_win.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\combase.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\win32u.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\GDI32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\ole32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\shcore.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\wsock32.dll	cheatengine-x86_64.exe
File opened for modification	C:\Windows\SYSTEM32\hhctrl.ocx	cheatengine-x86_64.exe
File opened for modification	C:\Windows\System32\ucrtbase.dll	cheatengine-x86_64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-VFTTK.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\autorun\dlls\src\Java\CEJVMTI\is-HJ8O5.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\rpcrt4.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-8CHCI.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\TextShaping.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\Kernel.Appcore.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-NHE0F.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\msvcrt.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\sechost.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\shlwapi.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\glu32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\exe\cheatengine-x86_64.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\imm32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\comctl32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\msimg32.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-JVR9K.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\autorun\dlls\src\Mono\MonoDataCollector\is-8VVM8.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\lua5.1-64.dll	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\win32\is-0QK1P.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-NTSV7.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\shell32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\shell32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\DLL\kernel32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\gdi32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\ws2_32.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-P82PU.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\unins000.dat	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\ole32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\bcryptprimitives.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\msctf.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-SLREH.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\languages\is-58NL0.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\gdi32full.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\Plugins\example-c\is-DTR36.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\Plugins\DebugEventLog\src\is-93GU3.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\kernel32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\shfolder.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-N06VM.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\plugins\example-c\is-0S0R0.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\win32u.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\ExplorerFrame.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dbghelp.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\languages\is-KJ960.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\is-CKNEL.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\rpcrt4.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\Plugins\example-lazarus\is-O5TFO.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\ntdll.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\rpcrt4.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\shfolder.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\psapi.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\dll\WLDP.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\msctf.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\is-1S0SV.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\imagehlp.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\comctl32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\wsock32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\msimg32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\lua5.1-64.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\hhctrl.pdb	cheatengine-x86_64.exe
File created	C:\Program Files (x86)\Cheat Engine 6.4\autorun\dlls\src\Common\is-7TJ0J.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\Plugins\example-c\is-NQ9G5.tmp	Cheat-Engine-6-4.tmp
File created	C:\Program Files (x86)\Cheat Engine 6.4\Plugins\example-c\is-LJ2UL.tmp	Cheat-Engine-6-4.tmp
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\advapi32.pdb	cheatengine-x86_64.exe
File opened for modification	C:\Program Files (x86)\Cheat Engine 6.4\symbols\dll\comctl32.pdb	cheatengine-x86_64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32.dll	cheatengine-x86_64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620601210656754"	chrome.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine"	Cheat-Engine-6-4.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine"	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open	Cheat-Engine-6-4.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine"	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon	Cheat-Engine-6-4.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files (x86)\\Cheat Engine 6.4\\Cheat Engine.exe,0"	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command	Cheat-Engine-6-4.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell	Cheat-Engine-6-4.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files (x86)\\Cheat Engine 6.4\\Cheat Engine.exe\" \"%1\""	Cheat-Engine-6-4.tmp

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeCreatePagefilePrivilege	1468	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1328	Cheat-Engine-6-4.tmp
4372	cheatengine-x86_64.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe
4332	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4256	1468	chrome.exe	83
PID 1468 wrote to memory of 4256	1468	chrome.exe	83
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 4180	1468	chrome.exe	84
PID 1468 wrote to memory of 1436	1468	chrome.exe	85
PID 1468 wrote to memory of 1436	1468	chrome.exe	85
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86
PID 1468 wrote to memory of 3692	1468	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dl1.filesoul.com/c064261d2c912zalmo237f3ac48f6d2f8dd8f15091fb029f1867/Cheat-Engine-6-4.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40a9ab58,0x7ffe40a9ab68,0x7ffe40a9ab78
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4528 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4752 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4652 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4060 --field-trial-handle=1744,i,1147740576431933564,873205793835986296,131072 /prefetch:8
  2⤵
  PID:1068

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2032

C:\Users\Admin\Downloads\Cheat-Engine-6-4.exe
"C:\Users\Admin\Downloads\Cheat-Engine-6-4.exe"
1⤵
- Executes dropped EXE
PID:1032
- C:\Users\Admin\AppData\Local\Temp\is-0KAO7.tmp\Cheat-Engine-6-4.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0KAO7.tmp\Cheat-Engine-6-4.tmp" /SL5="$20260,8784541,54272,C:\Users\Admin\Downloads\Cheat-Engine-6-4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  PID:1328
- - C:\Windows\SysWOW64\RunDll32.exe
    RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-7KRQ1.tmp\OCSetupHlp.dll",_OCPID736OpenCandy2@16 1328,3F7F9D1CEA2E4015A25F4E6BD602574C,8E36B2E4F92F40BEA7B30F3B02BF888F,E9E17E27674C453686198C2311855284
    3⤵
    - Loads dropped DLL
    PID:1616
- - C:\Program Files (x86)\Cheat Engine 6.4\Kernelmoduleunloader.exe
    "C:\Program Files (x86)\Cheat Engine 6.4\Kernelmoduleunloader.exe" /SETUP
    3⤵
    - Executes dropped EXE
    PID:2592
- - C:\Program Files (x86)\Cheat Engine 6.4\ceregreset.exe
    "C:\Program Files (x86)\Cheat Engine 6.4\ceregreset.exe" -silent -dontdeletecustomtypes
    3⤵
    - Executes dropped EXE
    PID:2620
- - C:\Program Files (x86)\Cheat Engine 6.4\Cheat Engine.exe
    "C:\Program Files (x86)\Cheat Engine 6.4\Cheat Engine.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2788
  - - C:\Program Files (x86)\Cheat Engine 6.4\cheatengine-x86_64.exe
      "C:\Program Files (x86)\Cheat Engine 6.4\cheatengine-x86_64.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Program Files directory
      Drops file in Windows directory
      Suspicious use of FindShellTrayWindow
      PID:4372

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Cheat Engine 6.4\Cheat Engine.exe

Filesize
322KB

MD5
b52d2784f9ace0503ca667dc697f73c3

SHA1
09bee5b8b9fb2b3b4f7692d73d6f89779db1f035

SHA256
4bef808025989ca38ee39546cde79fb7704656b073c7f2a3e2467654eb5e16dd

SHA512
a796b4345f36ed0fc058d7ca2280683348c3bbf15e77d2ebe1fe79f916ee9b645f738bf4c0ce7804c1c4aa95b9bdeb48ca1461160cd73d2fcc545629fe3a1455

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\Kernelmoduleunloader.exe

Filesize
172KB

MD5
6eaa6b762a0ebc8eeb3a0a25f7fa1111

SHA1
52f168cd3f3d80b53b4b2e19cb525dc62249458e

SHA256
847d202ef864d0309e32ca683d26a9e90d696ce4f28accebc41913738f03de10

SHA512
5cfb1a07319a5269b6a10f6558ad9ebd417a9f80a7c6616b96c3a33b82cd9cdc1c7b8d4bac4b9de44cfa3d408d01dd11f677eb8da27648c03894937ec6d39190

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\autorun\java.lua

Filesize
60KB

MD5
53a3ae0ad10a6dad6bd9606a1f953095

SHA1
9f14d03e8c748d31867b40c8ccdc50d04dfa7e34

SHA256
25dc51de784c296a874fdcfda46850281c4537d23751c5cd7c52c15915379503

SHA512
bdf011d2d31661c980d24987bfbefe8fa679d7a193e7f0592eabefe0dd517e5bffe67c9ba152cedfceb19d76d922d57a4f7760b1081dc9b7369a9c75db879edb

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\autorun\javaClassEditor.lua

Filesize
51KB

MD5
75b48d50fc26b234a49a3570b1e70ad8

SHA1
c98d992b1904aceab5a05c6142467242bc7c4745

SHA256
19ba8f9355e1db731367c9aad908d8bbd68cbddd4a8e1232394b29a930f48afc

SHA512
d11b593e5382e2f5effc6eaa6cf119e1b38dd2d3b22a929b5b8fafe5826d626756ee40054a560aff61c4c2e8431fe443b318d34b502125a5ff4072554eb8e1da

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\autorun\javaclass.lua

Filesize
17KB

MD5
c4e3bdfef873442c140ca8495bf0fef3

SHA1
0b66da27b1c4d2f09dd449a2cb2acc41844c802d

SHA256
f990ae2b2f997f0d0c44715e962efebc007236d600a77d132d095e43949089a4

SHA512
43fd16340118cd1989e81f9a3e19ba68a1669489e48bea17d59490a48b9fbe11e32218b15e04db3c11ec4582f6632b3483619ce589340736fd356b163a502193

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\autorun\monoscript.lua

Filesize
33KB

MD5
1430f6ebbe31a6130ad112ca056ec68b

SHA1
eb67cb5455bd9639a6566c48765ee79f547fb4a8

SHA256
2cb414909949a1817e93e8884c0f794f0ea1c5f6498a5c261f3619df23a0608e

SHA512
994ad4d79b8b873ce795e8e72de8571a08ae0f954926b15f209122ca6fdf878ee894656b1de9b3df91f520e258999253610b2264ef0675494e9a31fe8957ba9f

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\ceregreset.exe

Filesize
182KB

MD5
633d0232652deb85e80e74f9f4402759

SHA1
6932a484e1146dc8655565c7bf6d788415d2308b

SHA256
a223bb9eed1fdc78347bdd97473264efc998913a07c8a5eb63d61cc035aac808

SHA512
627a8fd9acb7b803e248231b5a74cfa9f5cc392d7514d0daf13cc6f138c18dfcebaadc7f1a3d3b57f6bd9b860673cdc4d9a4242766d1a6732849d0110d1c6ff1

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\cheatengine-x86_64.exe

Filesize
9.6MB

MD5
1748f63933e6202e82691341cafb986b

SHA1
f4a34bfeaf9cc4fac59d2df09928215864efb597

SHA256
65730edab718f812ecc9c0ec41032dffc961a163bf9ce0ba6ca61e99da83c31d

SHA512
337956fa1b90fd869d93c611d5e81e2473b66956eb9da2dbef982cac56494924026b4b7e9b345c8014e6740241b3021615d8566fb66008adee6f62522be92612

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\commonmodulelist.txt

Filesize
1KB

MD5
c1a63bc903a2daa0589cfab264910256

SHA1
f4da320ac0bbb620b50d6491db353103ad373a31

SHA256
eb7df0e8e995a30c85485001219070ecfe5db30889adfea239f59257c6c326f5

SHA512
0dd4d0d07fbb738ef3a85c4ecd0a00f23cb67374d2f3fe26531d8aa4821fbbad915c24f5240c5afa1b4c941d081bda1fa3d72049cd11d3738336e0a3f70f74c6

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\defines.lua

Filesize
5KB

MD5
d8f9b4a10a48ebd8936255f6215c8a43

SHA1
7d8ff0012fa9d9dcf189c6df963f1c627f2ccb76

SHA256
d4347332b232622283e7dd3781f64966bd1097d06cca7052b467cf99e62898f2

SHA512
67db5dc65fef66fe3a1920c5f406091d17eeae27266039af392a166d63686b8fc61b94684f2b97762995aefa42d2d15148213ecef64cc0df04de19320abba97a

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\languages\language.ini

Filesize
282B

MD5
3845e5e5419b2b9ea302ba7385c95408

SHA1
eed139a5b4d7c9ad5be1b3fb7c4451db19efff1f

SHA256
07f4b71ab682e3528d600a33f87e38fff90f02d38336de6500d7738becc46a61

SHA512
283a4009c5a2108fdf78c1538b3824c529430870c5a5daa0dd6496bc8bb0f103ffc25319e9fb6cbcec82057942e0c4b84612c25a4f88d5ecd71b3da6a0f104b7

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\lua5.1-64.dll

Filesize
340KB

MD5
32718a4ec812b81fd70d4246a94c8731

SHA1
5f5fc4855240a3971bb1dee238793334b16dec51

SHA256
1cb952ca2bcd5646164ae0d1415de6b6bd1841de4609481716fcc67bbb6d872e

SHA512
a593a5906e4eb75197a01414a1e0bcaaf3309022d76139525507725ae4404836d262ce6ab4100a7ce0d8f9cb282eafc555041f83a60bd8aabf54a35a82a73941

Download Submit
C:\Program Files (x86)\Cheat Engine 6.4\main.lua

Filesize
103KB

MD5
b1efb12c0d7838f2cbb59b2ba0afe301

SHA1
7969709898131624230f8cbc3700e6d0fe8d4c35

SHA256
3b39d35d7b7e9216a7a91c030045f69c61650ebef378d7745b40fabfcdc768c0

SHA512
205bda5bbc9c642fc4fb98f9eb46754a11ca8572d91b66568d4861a08961f9ed58e7e15e9b2b87c76a2266e42b1fcacc552cd8662f765cfcf2d5571a2758be14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0fc9cf98e1147ac4707cc658287cc3b9

SHA1
04fbec6313a8e545d84a525261035dcb62ff9bf0

SHA256
96e3e5e8ab9359715e2a1c8695b016f24a01e717f6eedccaa5c1ab8eb99323c8

SHA512
fcd9f1be56565305cc43c8e340ec83fe895d1900a29ef6a19b050f9eaece786170fac2c1e3cbf6b04375979cac5adc31749f021bd47e23c31c4e104044984f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
24d9fd688b046a73f807d1f4b83e25e4

SHA1
653e55312fd97e3dc7302f2c753a10031a9171eb

SHA256
b761521f250fe6f7888c5218ed2a3252e81930cbd20afe715f0cd0738a531ffb

SHA512
ef678ffa2f04bb8a9616f2ff9bedca22e1059e73d92ad529cb5fc6096fe998fafd1c4cd6b0457ee4f67b515de7ebb96d7e3efe157e56f2ca6aa6fb2c3132ffa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a5daf4d03c9eb28d97f5f82947991639

SHA1
529c2ab26105fa9aaede30482ecdfc806eebe1e9

SHA256
c508557bd64eab6334c14100405f2753cc98ef6b17e1864f01d3d49d9853952d

SHA512
adc456d4a900f63b4416c2b5578705cd38305499a0cd6d3f419ef6918735470d4e67a5bf2206d713d39493b465fcdb7520658b6256a70f30b229a5ce8fb1c6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ae09063aab5fd9bf44d71d732786a6f

SHA1
339ec08109ddfc2fc97aaf9174e7910df97ff6b1

SHA256
c14e159eeb1877d92a04a6dccb8b8a4e81a36e2497fcca81ecc7fbe62d4c66fd

SHA512
5a60390bdef4816c885eea26ce656763b4962574f9ca495009f8b4b768179aef7f80127f484734fc15e45372f156959fe03f4d4c6125cf49d511785d63aff2bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
8c717748ebf3b8e6b1ed9810c19ddd15

SHA1
6119119f4e5e883f2bc557c59bebfb94700e89b9

SHA256
8ac09bd8511f3a6c4b348246be3fad31c1dea60c7d942ca4e339d4981d49c142

SHA512
e97c53a628c8d0ff84a7ed75ef294865045be3f8a2d105f29e9f904f94f3db1321d5a3e2d1aaa7529ac68098fe0d87ea6746188b3a8331998fc9c0239a7d805a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KAO7.tmp\Cheat-Engine-6-4.tmp

Filesize
693KB

MD5
8d88c3e4029d2413fc1566fd149209e5

SHA1
5dcf62da61596658d45fe720014a099494dffa0c

SHA256
b990f900c68dc63a8173793a9d086a6c9cecc872a9a8cfd2bd60f3fe38e71dc8

SHA512
f9da62acd633ae1927d3792e1f5c827eecf10a9a23ae83223a271c5e98ef55207d24ed89c987a2e709a51f29bd6ff381821cb0034b03ecc1e89c28088446b75d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7KRQ1.tmp\OCSetupHlp.dll

Filesize
819KB

MD5
dd30ea676e597d0e76503634c6d72e0b

SHA1
27fc33c268917da954a37c871f522fb199c3fe6b

SHA256
01569b565d25992e15ea64caf6cbfdfae6c023bdaa1b63c9fcb1ae7f73a91d42

SHA512
bd9f78c6acf546b0d0c43ec7e123e57c34d0c466f1e88c0fc184d606f31a83f6852d6155d9671ed636aab39f0a494fae786596a161fcf2a00edf677758b0ab44

Download Submit
C:\Users\Admin\Downloads\Cheat-Engine-6-4.exe

Filesize
8.6MB

MD5
58e286356ed95579127915341d05544a

SHA1
8cb06bca312ed2bfa02c7f9344f2717d02ecd931

SHA256
f6b24a4bf25e9393b6030a0c694be62eefdda6b37ea0b9249f53aeba4891e784

SHA512
7e8deb2fbc1513e81c7e2a89d82cd5b5b59e7abac94ab9227b0cd247825942cd29614b653ea6b11952e0c363ea598de85bff849762db8fa298e65897725b4712

Download Submit
memory/1032-359-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1032-55-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1032-57-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/1032-84-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1328-85-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1328-92-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1328-336-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1328-358-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1328-67-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2592-193-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4332-363-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-361-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-373-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-372-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-371-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-370-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-369-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-368-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-367-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download
memory/4332-362-0x0000020CA2DD0000-0x0000020CA2DD1000-memory.dmp

Filesize
4KB

Download