Malware Analysis Report

2024-11-13 13:25

Sample ID: 240613-gpwv6awgnh
Target: CheatEngine75_0fa34a97.exe
SHA256: 93bc218fa7956dc4eb8d19f7fe8c8ebb2e0b60f06ff221bbab6e62b56fc94f6a
Tags: discovery, evasion, execution
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file CheatEngine75_0fa34a97.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution

Stops running service(s)

Modifies file permissions

Drops file in System32 directory

Drops file in Program Files directory

Checks installed software on the system

Launches sc.exe

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Runs net.exe

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported: 2024-06-13 05:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 05:59
Reported: 2024-06-13 06:04
Platform: win11-20240508-en
Max time kernel: 299s
Max time network: 246s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe"

Signatures

Stops running service(s)

evasion execution

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Drops file in System32 directory

Checks installed software on the system

discovery

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command\ = "\"C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CT\ = "CheatEngine" C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\ = "Cheat Engine" C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\DefaultIcon\ = "C:\\Program Files\\Cheat Engine 7.5\\Cheat Engine.exe,0" C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine" C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.CT C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A

Runs net.exe

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeManageVolumePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: 33 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp N/A
N/A N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1468 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp
PID 3048 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe
PID 2468 wrote to memory of 4052 N/A C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp
PID 4052 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\SYSTEM32\net.exe
PID 2148 wrote to memory of 1104 N/A C:\Windows\SYSTEM32\net.exe C:\Windows\system32\net1.exe
PID 4052 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\SYSTEM32\net.exe
PID 1584 wrote to memory of 4304 N/A C:\Windows\SYSTEM32\net.exe C:\Windows\system32\net1.exe
PID 4052 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\SYSTEM32\sc.exe
PID 4052 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\SYSTEM32\sc.exe
PID 4052 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp
PID 4052 wrote to memory of 1248 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp
PID 4052 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\system32\icacls.exe
PID 4052 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\system32\icacls.exe
PID 4052 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
PID 4052 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
PID 4052 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
PID 4052 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
PID 4052 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
PID 4052 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
PID 4052 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\system32\icacls.exe
PID 4052 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp C:\Windows\system32\icacls.exe
PID 3048 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
PID 3048 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
PID 3048 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
PID 4852 wrote to memory of 2036 N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
PID 4852 wrote to memory of 2036 N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
PID 1904 wrote to memory of 1496 N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
PID 1904 wrote to memory of 1496 N/A C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
PID 1496 wrote to memory of 1160 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 1160 N/A C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 3388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 3388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1160 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe

"C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe"

C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp

"C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp" /SL5="$70250,29019897,780800,C:\Users\Admin\AppData\Local\Temp\CheatEngine75_0fa34a97.exe"

C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe

"C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp" /SL5="$102DA,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAntic

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAntic

C:\Windows\SYSTEM32\net.exe

"net" stop BadlionAnticheat

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop BadlionAnticheat

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAntic

C:\Windows\SYSTEM32\sc.exe

"sc" delete BadlionAnticheat

C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp

helper 105 0x3A4

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s

C:\Windows\system32\icacls.exe

"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"

C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe

"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.cheatengine.org/?referredby=CE7.50

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb4ecb3cb8,0x7ffb4ecb3cc8,0x7ffb4ecb3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12717078450294745094,3276956705460132959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 d1zlukw2pqueen.cloudfront.net udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 cheatengine.org udp
US 8.8.8.8:53 www.cheatengine.org udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp

Files

memory/1468-0-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/1468-2-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-QFBSH.tmp\CheatEngine75_0fa34a97.tmp

MD5 14e34c5e0e3c320b904b9500e8fa96cf
SHA1 47cf88e6ddc1683135194b9d8b1cc32c78277f5e
SHA256 7398bd01e78df0d69169402f7fecf781c23f61127ba68290d146582ebadbf2ef
SHA512 6d99202dafd3209622e6fa217407bccd0b4157550d873bff36f06a279c499c9e98cb01d235c337d76d86c9e3c369d89712450fe1353eb18b2b7c108abd67ad59

memory/3048-6-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\zbShieldUtils.dll

MD5 b83f5833e96c2eb13f14dcca805d51a1
SHA1 9976b0a6ef3dabeab064b188d77d870dcdaf086d
SHA256 00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401
SHA512 8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

memory/1468-13-0x0000000000400000-0x00000000004CC000-memory.dmp

memory/3048-14-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/3048-16-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\logo.png

MD5 1df360d73bf8108041d31d9875888436
SHA1 c866e8855d62f56a411641ece0552e54cbd0f2fb
SHA256 c1b1d7b4806955fe39a8bc6ce5574ab6ac5b93ad640cecfebe0961360c496d43
SHA512 3991b89927d89effca30cc584d5907998c217cf00ca441f2525ef8627ffff2032d104536f8b6ab79b83f4e32a7aab993f45d3930d5943cbfb5e449c5832abe14

memory/3048-23-0x0000000004540000-0x0000000004680000-memory.dmp

memory/3048-24-0x0000000000400000-0x00000000006EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-1GS87.tmp\CheatEngine75.exe

MD5 e0f666fe4ff537fb8587ccd215e41e5f
SHA1 d283f9b56c1e36b70a74772f7ca927708d1be76f
SHA256 f88b0e5a32a395ab9996452d461820679e55c19952effe991dee8fedea1968af
SHA512 7f6cabd79ca7cdacc20be8f3324ba1fdaaff57cb9933693253e595bfc5af2cb7510aa00522a466666993da26ddc7df4096850a310d7cff44b2807de4e1179d1a

memory/2468-34-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/2468-32-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-4HH14.tmp\CheatEngine75.tmp

MD5 9aa2acd4c96f8ba03bb6c3ea806d806f
SHA1 9752f38cc51314bfd6d9acb9fb773e90f8ea0e15
SHA256 1b81562fdaeaa1bc22cbaa15c92bab90a12080519916cfa30c843796021153bb
SHA512 b0a00082c1e37efbfc2058887db60dabf6e9606713045f53db450f16ebae0296abfd73a025ffa6a8f2dcb730c69dd407f7889037182ce46c68367f54f4b1dc8d

C:\Users\Admin\AppData\Local\Temp\is-EOD7A.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

C:\Program Files\Cheat Engine 7.5\windowsrepair.exe

MD5 9a4d1b5154194ea0c42efebeb73f318f
SHA1 220f8af8b91d3c7b64140cbb5d9337d7ed277edb
SHA256 2f3214f799b0f0a2f3955dbdc64c7e7c0e216f1a09d2c1ad5d0a99921782e363
SHA512 6eef3254fc24079751fc8c38dda9a8e44840e5a4df1ff5adf076e4be87127075a7fea59ba7ef9b901aaf10eb64f881fc8fb306c2625140169665dd3991e5c25b

C:\Program Files\Cheat Engine 7.5\is-M7UQH.tmp

MD5 22653019de4a66b1140d146fbc674ea2
SHA1 8b8d4c716e4460e4b7ddce0b086aa77dd7fcadd8
SHA256 526cff2e58b6ee3a3af1162981a2997d052047d5beae0958a8fe2013c3d42cd9
SHA512 be6b926353892177a9779b6c4e1a5f744fac27a6ee3f06cf53d1bade3a11f0d4d7db59fb79cb017ffd4ed8597e696b78e91c79e7210ec3bac5451bf7acbca0e0

C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll

MD5 6e00495955d4efaac2e1602eb47033ee
SHA1 95c2998d35adcf2814ec7c056bfbe0a0eb6a100c
SHA256 5e24a5fe17ec001cab7118328a4bff0f2577bd057206c6c886c3b7fb98e0d6d9
SHA512 2004d1def322b6dd7b129fe4fa7bbe5d42ab280b2e9e81de806f54313a7ed7231f71b62b6138ac767288fee796092f3397e5390e858e06e55a69b0d00f18b866

C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll

MD5 19b2050b660a4f9fcb71c93853f2e79c
SHA1 5ffa886fa019fcd20008e8820a0939c09a62407a
SHA256 5421b570fbc1165d7794c08279e311672dc4f42cb7ae1cbddcd7eea0b1136fff
SHA512 a93e47387ab0d327b71c3045b3964c7586d0e03dddb2e692f6671fb99659e829591d5f23ce7a95683d82d239ba7d11fb5a123834629a53de5ce5dba6aa714a9a

C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll

MD5 e9b5905d495a88adbc12c811785e72ec
SHA1 ca0546646986aab770c7cf2e723c736777802880
SHA256 3eb9cd27035d4193e32e271778643f3acb2ba73341d87fd8bb18d99af3dffdea
SHA512 4124180b118149c25f8ea8dbbb2912b4bd56b43f695bf0ff9c6ccc95ade388f1be7d440a791d49e4d5c9c350ea113cf65f839a3c47d705533716acc53dd038f8

C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll

MD5 8d487547f1664995e8c47ec2ca6d71fe
SHA1 d29255653ae831f298a54c6fa142fb64e984e802
SHA256 f50baf9dc3cd6b925758077ec85708db2712999b9027cc632f57d1e6c588df21
SHA512 79c230cfe8907df9da92607a2c1ace0523a36c3a13296cb0265329208edc453e293d7fbedbd5410decf81d20a7fe361fdebddadbc1dc63c96130b0bedf5b1d8a

C:\Program Files\Cheat Engine 7.5\allochook-i386.dll

MD5 19d52868c3e0b609dbeb68ef81f381a9
SHA1 ce365bd4cf627a3849d7277bafbf2f5f56f496dc
SHA256 b96469b310ba59d1db320a337b3a8104db232a4344a47a8e5ae72f16cc7b1ff4
SHA512 5fbd53d761695de1dd6f0afd0964b33863764c89692345cab013c0b1b6332c24dcf766028f305cc87d864d17229d7a52bf19a299ca136a799053c368f21c8926

C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll

MD5 daa81711ad1f1b1f8d96dc926d502484
SHA1 7130b241e23bede2b1f812d95fdb4ed5eecadbfd
SHA256 8422be70e0ec59c962b35acf8ad80671bcc8330c9256e6e1ec5c07691388cd66
SHA512 9eaa8e04ad7359a30d5e2f9256f94c1643d4c3f3c0dff24d6cd9e31a6f88cb3b470dd98f01f8b0f57bb947adc3d45c35749ed4877c7cbbbcc181145f0c361065

C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll

MD5 9f50134c8be9af59f371f607a6daa0b6
SHA1 6584b98172cbc4916a7e5ca8d5788493f85f24a7
SHA256 dd07117ed80546f23d37f8023e992de560a1f55a76d1eb6dfd9d55baa5e3dad6
SHA512 5ccafa2b0e2d20034168ee9a79e8efff64f12f5247f6772815ef4cb9ee56f245a06b088247222c5a3789ae2dcefadbc2c15df4ff5196028857f92b9992b094e0

C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll

MD5 dd71848b5bbd150e22e84238cf985af0
SHA1 35c7aa128d47710cfdb15bb6809a20dbd0f916d8
SHA256 253d18d0d835f482e6abbaf716855580eb8fe789292c937301e4d60ead29531d
SHA512 0cbf35c9d7b09fb57d8a9079eab726a3891393f12aee8b43e01d1d979509e755b74c0fb677f8f2dfab6b2e34a141f65d0cfbfe57bda0bf7482841ad31ace7790

C:\Program Files\Cheat Engine 7.5\winhook-i386.dll

MD5 de625af5cf4822db08035cc897f0b9f2
SHA1 4440b060c1fa070eb5d61ea9aadda11e4120d325
SHA256 3cdb85ee83ef12802efdfc9314e863d4696be70530b31e7958c185fc4d6a9b38
SHA512 19b22f43441e8bc72507be850a8154321c20b7351669d15af726145c0d34805c7df58f9dc64a29272a4811268308e503e9840f06e51ccdcb33afd61258339099

C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll

MD5 f9c562b838a3c0620fb6ee46b20b554c
SHA1 5095f54be57622730698b5c92c61b124dfb3b944
SHA256 e08b035d0a894d8bea64e67b1ed0bce27567d417eaaa133e8b231f8a939e581d
SHA512 a20bc9a442c698c264fef82aa743d9f3873227d7d55cb908e282fa1f5dcff6b40c5b9ca7802576ef2f5a753fd1c534e9be69464b29af8efec8b019814b875296

C:\Program Files\Cheat Engine 7.5\libipt-32.dll

MD5 df443813546abcef7f33dd9fc0c6070a
SHA1 635d2d453d48382824e44dd1e59d5c54d735ee2c
SHA256 d14911c838620251f7f64c190b04bb8f4e762318cc763d993c9179376228d8ca
SHA512 9f9bea9112d9db9bcecfc8e4800b7e8032efb240cbbddaf26c133b4ce12d27b47dc4e90bc339c561714bc972f6e809b2ec9c9e1facc6c223fbac66b089a14c25

C:\Program Files\Cheat Engine 7.5\libipt-64.dll

MD5 4a3b7c52ef32d936e3167efc1e920ae6
SHA1 d5d8daa7a272547419132ddb6e666f7559dbac04
SHA256 26ede848dba071eb76c0c0ef8e9d8ad1c53dfab47ca9137abc9d683032f06ebb
SHA512 36d7f8a0a749de049a830cc8c8f0d3962d8dce57b445f5f3c771a86dd11aaa10da5f36f95e55d3dc90900e4dbddd0dcc21052c53aa11f939db691362c42e5312

C:\Program Files\Cheat Engine 7.5\d3dhook.dll

MD5 2a2ebe526ace7eea5d58e416783d9087
SHA1 5dabe0f7586f351addc8afc5585ee9f70c99e6c4
SHA256 e2a7df4c380667431f4443d5e5fc43964b76c8fcb9cf4c7db921c4140b225b42
SHA512 94ed0038068abddd108f880df23422e21f9808ce04a0d14299aacc5d573521f52626c0c2752b314cda976f64de52c4d5bcac0158b37d43afb9bc345f31fdbbc0

C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll

MD5 42e2bf4210f8126e3d655218bd2af2e4
SHA1 78efcb9138eb0c800451cf2bcc10e92a3adf5b72
SHA256 1e30126badfffb231a605c6764dd98895208779ef440ea20015ab560263dd288
SHA512 c985988d0832ce26337f774b160ac369f2957c306a1d82fbbffe87d9062ae5f3af3c1209768cd574182669cd4495dba26b6f1388814c0724a7812218b0b8dc74

C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll

MD5 61ba5199c4e601fa6340e46bef0dff2d
SHA1 7c1a51d6d75b001ba1acde2acb0919b939b392c3
SHA256 8783f06f7b123e16042bb0af91ff196b698d3cd2aa930e3ea97cfc553d9fc0f4
SHA512 8ce180a622a5788bb66c5f3a4abfde62c858e86962f29091e9c157753088ddc826c67c51ff26567bfe2b75737897f14e6bb17ec89f52b525f6577097f1647d31

C:\Program Files\Cheat Engine 7.5\d3dhook64.dll

MD5 2af7afe35ab4825e58f43434f5ae9a0f
SHA1 b67c51cad09b236ae859a77d0807669283d6342f
SHA256 7d82694094c1bbc586e554fa87a4b1ed6ebc9eb14902fd429824dcd501339722
SHA512 23b7c6db0cb9c918ad9f28fa0e4e683c7e2495e89a136b75b7e1be6380591da61b6fb4f7248191f28fd3d80c4a391744a96434b4ab96b9531b5ebb0ec970b9d0

C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll

MD5 43dac1f3ca6b48263029b348111e3255
SHA1 9e399fddc2a256292a07b5c3a16b1c8bdd8da5c1
SHA256 148f12445f11a50efbd23509139bf06a47d453e8514733b5a15868d10cc6e066
SHA512 6e77a429923b503fc08895995eb8817e36145169c2937dacc2da92b846f45101846e98191aeb4f0f2f13fff05d0836aa658f505a04208188278718166c5e3032

C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll

MD5 5f1a333671bf167730ed5f70c2c18008
SHA1 c8233bbc6178ba646252c6566789b82a3296cab5
SHA256 fd2a2b4fe4504c56347c35f24d566cc0510e81706175395d0a2ba26a013c4daf
SHA512 6986d93e680b3776eb5700143fc35d60ca9dbbdf83498f8731c673f9fd77c8699a24a4849db2a273aa991b8289e4d6c3142bbde77e11f2faf603df43e8fea105

C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll

MD5 0daf9f07847cceb0f0760bf5d770b8c1
SHA1 992cc461f67acea58a866a78b6eefb0cbcc3aaa1
SHA256 a2ac2ba27b0ed9acc3f0ea1bef9909a59169bc2eb16c979ef8e736a784bf2fa4
SHA512 b4dda28721de88a372af39d4dfba6e612ce06cc443d6a6d636334865a9f8ca555591fb36d9829b54bc0fb27f486d4f216d50f68e1c2df067439fe8ebbf203b6a

C:\Program Files\Cheat Engine 7.5\overlay.fx

MD5 650c02fc9f949d14d62e32dd7a894f5e
SHA1 fa5399b01aadd9f1a4a5632f8632711c186ec0de
SHA256 c4d23db8effb359b4aa4d1e1e480486fe3a4586ce8243397a94250627ba4f8cc
SHA512 f2caaf604c271283fc7af3aa9674b9d647c4ac53dffca031dbf1220d3ed2e867943f5409a95f41c61d716879bed7c888735f43a068f1cc1452b4196d611cb76d

C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll

MD5 0eaac872aadc457c87ee995bbf45a9c1
SHA1 5e9e9b98f40424ad5397fc73c13b882d75499d27
SHA256 6f505cc5973687bbda1c2d9ac8a635d333f57c12067c54da7453d9448ab40b8f
SHA512 164d1e6ef537d44ac4c0fd90d3c708843a74ac2e08fa2b3f0fdd4a180401210847e0f7bb8ec3056f5dc1d5a54d3239c59fb37914ce7742a4c0eb81578657d24b

C:\Program Files\Cheat Engine 7.5\languages\language.ini

MD5 af5ed8f4fe5370516403ae39200f5a4f
SHA1 9299e9998a0605182683a58a5a6ab01a9b9bc037
SHA256 4aa4f0b75548d45c81d8e876e2db1c74bddfd64091f102706d729b50a7af53a5
SHA512 f070049a2fae3223861424e7fe79cbae6601c9bee6a56fadde4485ad3c597dc1f3687e720177ab28564a1faab52b6679e9315f74327d02aa1fb31e7b8233a80f

C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe

MD5 9af96706762298cf72df2a74213494c9
SHA1 4b5fd2f168380919524ecce77aa1be330fdef57a
SHA256 65fa2ccb3ac5400dd92dda5f640445a6e195da7c827107260f67624d3eb95e7d
SHA512 29a0619093c4c0ecf602c861ec819ef16550c0607df93067eaef4259a84fd7d40eb88cd5548c0b3b265f3ce5237b585f508fdd543fa281737be17c0551163bd4

C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

MD5 5cff22e5655d267b559261c37a423871
SHA1 b60ae22dfd7843dd1522663a3f46b3e505744b0f
SHA256 a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9
SHA512 e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe

MD5 f921416197c2ae407d53ba5712c3930a
SHA1 6a7daa7372e93c48758b9752c8a5a673b525632b
SHA256 e31b233ddf070798cc0381cc6285f6f79ea0c17b99737f7547618dcfd36cdc0e
SHA512 0139efb76c2107d0497be9910836d7c19329e4399aa8d46bbe17ae63d56ab73004c51b650ce38d79681c22c2d1b77078a7d7185431882baf3e7bef473ac95dce

memory/4052-682-0x0000000000400000-0x000000000071B000-memory.dmp

C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\CEJVMTI.vcproj

MD5 9ee34d72f0c9e158fcebb31cd8878d6c
SHA1 3f06d5e6e886961af80fa823e2d52ce5cd0b84d8
SHA256 cafe34e86117a15c4e0b40f12bcbb79cb6ef8f0ab8ed10def567357ab11637cd
SHA512 fb41af029142289de950ba7bc1512a586e9c9e2414f46bb755936637978d40eca5d8e671369be61acd38e841bcd11c264e2de55fbc087e91b4a7529ffe91a55b

memory/2468-714-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\CEJVMTI.h

MD5 20af26e2ab559ddc6ca1929834da003e
SHA1 7ae93554fbcec9851f68f16a2eaed9c3f299ce5f
SHA256 18c5fb7cb71eb7b2d1835ce44b24e09213aa885c1407e4e2401fbd2d74970d8e
SHA512 b9ff67e715e0489d761424266eda7049f40fe38e0ee4f595b1d4b43e6e9f829074827dc4ebbf9ff368be02a90a9343117930c88ed5fbb8e3d8eebda43a857d90

C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI\CEJVMTI.cpp

MD5 021aa48bed78c67e3a7969be8bc0bb5b
SHA1 cca95a2d7d82ed610245d3ae88dd19c339c402ac
SHA256 c9ef523d9abcac32bc86cc5e316c03749b64ec4bce0343289c05e9366639696d
SHA512 d3e10547d368d50863cc781e1831c5fa6264faa9cc64af6114e7f4e21d361849bbee0784f0d653bc824079e43bdd8ae8d02b5574520497b07e0022cbaaef3c32

C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\Pipe.h

MD5 956c9c67fe3fa489547c1767afb50ec4
SHA1 bc76c3e7df811b582ee153c43b986c8ed107e72a
SHA256 65df81aa1a72667285733ff7515632d7c003b2c21b37d623fc3f6663738137c0
SHA512 3fd906cb79b534fc63336005a605ee092fb8b028ad660882c3324f72d794cb1198c13fc23390b1fa1e0e895c1963f293b3411ec4599d67a5b8b8fdfd77840200

C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Common\Pipe.cpp

C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll

C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll

C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll

C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll

C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll

C:\Program Files\Cheat Engine 7.5\autorun\ceshare.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\images\link.png

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\UpdateOrNew.FRM

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\PublishCheat.FRM

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\Permissions.FRM

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\InitialSetup.FRM

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\CommentsOrRequests.FRM

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\forms\BrowseCheats.FRM

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_requests.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_querycheats.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_publish.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_processlistextention.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_permissions.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_fulltablelist.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_comments.lua

C:\Program Files\Cheat Engine 7.5\autorun\ceshare\ceshare_account.lua

C:\Program Files\Cheat Engine 7.5\autorun\bigendian.lua

C:\Program Files\Cheat Engine 7.5\autorun\autosave.lua

C:\Program Files\Cheat Engine 7.5\autorun\alternateSpeedhack.LUA

C:\Program Files\Cheat Engine 7.5\autorun\addtonewgroup.lua

memory/3048-718-0x0000000004540000-0x0000000004680000-memory.dmp

memory/3048-720-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/3048-727-0x0000000000400000-0x00000000006EE000-memory.dmp

memory/1468-729-0x0000000000400000-0x00000000004CC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp
